ErgoBTC, the OXT Research on-chain expert, claimed that the losses from the hacker attack of Crypto.com may be near $33 million as opposed to the reported $15 million, equivalent to 4.830 Ethereum (ETH).
ErgoBTC tweeted yesterday that about 444 Bitcoin (BTC) equivalent to $18.5 million were stolen out of the payout wallet of Crypto.com, in addition to the initially reported losses. ErgoBTC deliberated further on the transactions, by claiming that the payout from the Crypto.com custodial wallet was initially flagged by OXT research amounting to $2.18 million, equivalent to 52.55 Bitcoin (BTC).
Moreover, hundreds of withdrawals were recorded and later accumulated into 4 batches, each consisting of $2.81 million, or 67.75 Bitcoin (BTC). A Bitcoin (BTC) tumbler — a merging service that lets users blend multiple transactions to make it impossible to trace Bitcoin (BTC) transfers — was used to route these four bulk transactions worth 271 Bitcoin (BTC), equivalent to $11.25 million.
Per the tweet by ErgoBTC, Lazarus Group is known for using the Bitcoin (BTC) tumbler to funnel money, in the same way that it was used to funnel the 271 Bitcoin (BTC). Lazarus Group is a notorious North Korean cybercrime ring backed by the state which has been involved in multiple cryptocurrency exchange cyber exploits.
This tumbler has been commonly used in hacks attributed to the DPRK Lazarus Group and more recently in the attempted laundering of BTC from to this summer's Darkside ransomware activity. https://t.co/OqZvigXcXz
— 🏴∴Ergo∴🏴 (@ErgoBTC) January 18, 2022
Another address owning 172.9 Bitcoin (BTC) equivalent to $7.25 million was also traced back to the hackers behind the Crypto.com cyber-attack by ErgoBTC. The address seemingly obtained the funds simultaneously to the transactions linked to the Crypto.com breach.
At the time of publication, the claimed hacker still has not funneled the funds through the Bitcoin (BTC) tumbler. On another note, Crypto.com still has not recognized any losses from the cyber attack. Nonetheless, Kris Marszalek, the CEO of Crypto.com has tweeted saying that the user funds are secure though they took measures to freeze withdrawals after foul play was suspected. The CEO also stated that findings will be made public after the internal investigation of the company is complete.