Crypto.com reported during its recent security breach that it lost about $15 million. However, an on-chain analyst claims that it may have been much more than that. The on-chain analyst in question, Pseudonymous ErgoBTC, who works at Bitcoin’s research firm OXT Research, says that the worth of losses may be up to $33 million.
Last Monday, reports stated that Crypto.com temporarily paused all withdrawals after some of its users noticed dubious transactions on their accounts. Since then, the crypto exchange has resumed withdrawals, assuring users that their funds were unharmed. However, the platform later reports that about 4.6K ETH ($15 million) was stolen and that hackers laundered the funds via Tornado Cash.
On Tuesday, ErgoBTC tweeted, implying that Crypto.com’s payout wallet lost another 444 BTC ($18.5 million). The on-chain analyst explained that OXT Research detected a questionable transaction worth 52.55 BTC ($2.18 million) from the crypto exchange’s custodial wallet.
We noted this abnormally large withdrawal from @cryptocom's payout wallet bc1q7cyrfmck2ffu2ud3rn5l5a8yv6f0chkp0zpemf via https://t.co/D9yITrsei4
Shortly after, several hundred withdrawals are consolidated into 4 outputs for 67.75 BTC.
— ∴Ergo∴ (@ErgoBTC) January 18, 2022
After that transaction, “several hundred withdrawals” were created and then merged into four different outputs, each worth 67.75 BTC ($2.81 million). The four batches amounted to 271 BTC ($11.25 million) overall, and the hacker laundered all of them through Bitcoin tumbler, a service that permits users to merge multiple transactions into one. As a result, investigators will have a challenging time tracing BTC transfers.
According to ErgoBTC, this Bitcoin tumbler service is allegedly used by Lazarus, a North Korean cybercrime syndicate. ErgoBTC also mentions that the same perpetrators behind Crypto.com’s security breach are also in control of another address, which holds about 172.9 BTC ($7.25 million).
According to data from Blockchair, it appears that the address received the funds around the same time the perpetrators made the other transactions linked to the Crypto.com hack. However, it seems that the hacker still hasn’t moved those funds through a bitcoin tumbling service for now.
