On-chain analyst claims Crypto.com hack was closer to $33 million

Quick Take

  • The Crypto.com hack may also have included 444 BTC (18.4 million) stolen from the exchange’s custodial wallet.
  • The alleged attacker has laundered 271 BTC ($11.25 million) via a bitcoin tumbler often used by North Korean hackers.

The Crypto.com security breach that allegedly led to the theft of 4,830 ETH ($15 million) as previously reported might be closer to $33 million, according to the pseudonymous ErgoBTC, an on-chain analyst at bitcoin (BTC) research outfit OXT Research.

Per ErgoBTC’s tweet on Tuesday, an additional 444 BTC ($18.5 million) was siphoned from Crypto.com’s payout wallet. Detailing the suspicious transactions, ErgoBTC said OXT Research first flagged a suspicious payout from the exchange’s custodial wallet to the tune of 52.55 BTC ($2.18 million).

This transaction was followed by “several hundred withdrawals” as noted by ErgoBTC that were later batched into four outputs of 67.75 BTC ($2.81 million) each. These four batched outputs totaling 271 BTC ($11.25 million) were funneled via a bitcoin tumbler — a mixing service that allows users to combine different transactions to make it difficult to trace BTC transfers.

According to ErgoBTC’s tweet, the bitcoin tumbler used by the alleged hacker to launder the 271 BTC is commonly used by Lazarus Group — the notorious North Korean state-backed cybercrime syndicate that has been linked to several crypto exchange hacks.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

ErgoBTC also linked another address holding 172.9 BTC ($7.25 million) as belonging to the hackers responsible for the Crypto.com security breach. Details from blockchain explorer Blockchair show that the address received the funds around the same time as the other transactions identified as being part of the Crypto.com hack.

The alleged hacker has yet to route the funds through the bitcoin tumbler service as of the time of writing. Meanwhile, Crypto.com has yet to acknowledge any losses from the incident with the company’s CEO Kris Marszalek stating that user funds were safe — although the exchange did temporarily freeze withdrawals citing reports of suspicious activity. Marszalek also said that the exchange was carrying out an internal investigation into the matter.

We have reached out to Crypto.com and will update this story should we hear back.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Osato is a news reporter at The Block as part of the crypto ecosystems team that focuses on DAO governance, staking, blockchain layers, and DeFi. He was previously a news reporter at Cointelegraph. Based in Lagos, Nigeria, he enjoys crosswords, poker, and attempting to beat his Scrabble high score. Follow him on Twitter at @OsatoNomayo.