A third-party blockchain research company OXT Research has uncovered a loss of 444 BTC in addition to 4,600 ETH in the recent crypto.com hack.
The recent hack of Crypto.com saw 4.6K (~$15M) of ETH stolen, according to Peckshield. BeInCrypto recently reported losses of 2-5 ETH for several users, and the Twittersphere was in an uproar. The alleged hacker laundered heist proceeds via Tornado Cash, a tool that masks the link between the source and destination funds. The funds were laundered on Jan. 18, 2021, in 48 deposits of 100 ETH and three deposits of 10 ETH to Tornado Cash.
Now, an anonymous on-chain analyst @ErgoBTC, working for OXT Research, has uncovered a larger heist totaling closer to $33M. Shortly after the heist, the CEO of Crypto.com said that no user funds were stolen. It does now appear that $18.5M worth of BTC was removed from Crypto.com’s payout wallet.
OXT Research initially observed a 52.55 BTC payout from a crypto.com hot wallet. Following this, a number of withdrawals were executed in batches of four transactions of 67.55 BTC. The withdrawals totaling 271 BTC were sent to a bitcoin tumbler suspected of connections with the North Korean cybercrime syndicate, The Lazarus Group. Also, 173 BTC has not been sent to a tumbler, but was transferred to an address associated with the hack at the same time as the hack, and appears to be part of the heist. The total loss of BTC is thus believed to be 444 BTC.
CEO still adamant that user funds are safe
The CEO of Crypto.com continues to reassure customers that none of their funds were lost. But many have taken to Twitter to express their frustration and allege that they experienced some loss. Withdrawals were down for approximately 14 hours, and “the team has hardened the infrastructure in response to the incident.” An announcement was made at 5:42 PM on Jan. 17, 2022, that withdrawals had come back online. The CEO has also said that the company is conducting a full investigation and will release a postmortem once it is complete. It is unclear at this point how the attack was executed.
Lazarus group notoriety
BeInCrypto recently reported that the Lazarus Group, which used the same bitcoin mixer as the Crypto.com hack, was responsible for the theft of over $400M in 2021. The United States believes that the Lazarus Group is controlled by the Reconnaissance General Bureau of North Korea. It is thought that the group used phishing, code vulnerabilities, and sophisticated social engineering attacks to steal the funds.
What do you think about this subject? Write to us and tell us!
Disclaimer
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Source: https://beincrypto.com/lost-funds-from-crypto-com-hack-now-exceed-33m/