On-chain analyst claims Crypto.com hack was closer to $33 million

Quick Take

  • The Crypto.com hack may also have included 444 BTC ($18.4 million) stolen from the exchange’s custodial wallet.
  • The alleged attacker has laundered 271 BTC ($11.25 million) via a bitcoin tumbler often used by North Korean hackers.

The Crypto.com security breach that allegedly led to the theft of 4,830 ETH ($15 million), as previously reported, might be closer to $33 million, according to the pseudonymous ErgoBTC, an on-chain analyst at bitcoin (BTC) research outfit OXT Research.

Per ErgoBTC’s tweet on Tuesday, an additional 444 BTC ($18.5 million) was siphoned from Crypto.com’s payout wallet. Detailing the suspicious transactions, ErgoBTC said OXT Research first flagged a suspicious payout from the exchange’s custodial wallet to the tune of 52.55 BTC ($2.18 million).

According to ErgoBTC, this transaction was followed by “several hundred withdrawals” that were later batched into four outputs of 67.75 BTC ($2.81 million) each. These four batched outputs, totaling 271 BTC ($11.25 million), were funneled through a bitcoin tumbler, a mixing service that allows users to combine different transactions to make it difficult to trace BTC transfers.

According to ErgoBTC’s tweet, the bitcoin tumbler used by the alleged hacker to launder the 271 BTC is commonly used by Lazarus Group — the notorious North Korean state-backed cybercrime syndicate that has been linked to several crypto exchange hacks.

ErgoBTC also identified another address, holding 172.9 BTC ($7.25 million), as belonging to the hackers responsible for the Crypto.com security breach. Details from blockchain explorer Blockchair show that the address received the funds around the same time as the other transactions identified as being part of the Crypto.com hack.

As of the time of writing, the alleged hacker has yet to route these funds through the bitcoin tumbler service. Meanwhile, Crypto.com has yet to acknowledge any losses from the incident, with the company’s CEO Kris Marszalek stating that user funds were safe, although the exchange did temporarily freeze withdrawals, citing reports of suspicious activity. Marszalek also said that the exchange was carrying out an internal investigation into the matter.

We have reached out to Crypto.com and will update this story should we hear back.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.