According to an online chain analyst, the total loss from the latest hack on Crypto.com, which affected over 400 users, could amount to more than the reported $15 million. 

Analyst Claims Additional Funds Lost

An on-chain analyst at Bitcoin research firm OXT Research, who goes by the pseudonym ErgoBTC has tweeted out that the Crypto.com hack might be resulting in losses worth $33 million. The initially reported loss amount was 4.6K ETH or $15 million. 

Ergo tweeted, 

“Adding another 444 BTC to the previously reported 4.6k ETH from yesterday’s crypto.com hack…We noted this abnormally large withdrawal from crypto.com’s payout wallet…Shortly after, several hundred withdrawals are consolidated into 4 outputs for 67.75 BTC…The 271 BTC then make a series 24 or 25 BTC deposits to a well-known BTC tumbler.”

Multiple Unauthorized Withdrawals Shown

The attack which happened on 17th January was brought to the notice of the Crypto.com team when around 483 users experienced unauthorized crypto withdrawals from their accounts. Detecting the suspicious activities, Crypto.com had halted all withdrawals. 

“Earlier today, a small number of users experienced unauthorized activity in their accounts. All funds are safe.”

Since then the exchange has resumed withdrawals and reimbursed all users who had lost funds. Initial reports had emerged saying that around 4600 ETH worth $15 million had been lost in the breach. However, ErgoBTC’s tweets suggest that another 444 BTC worth $18.5 million has been stolen from Crypto.com’s payout wallet. Furthermore, according to ErgoBTC, OXT Research has discovered another $2.18 million worth of suspicious transaction (around 52 BTC) from Crypto.com’s custodial wallet. Finally, hundreds of withdrawals combined into four outputs worth a total of 271 BTC ($11.25 million) were further made and laundered through a suspicious BTC tumbler that has been previously involved in the DPRK Lazarus hacks and the Darkside ransomware hacks. 

Team Crypto Claims Recovery

Commenting on the hack, Crypto.com CEO, Kris Marszalek had said, 

“There are multiple layers, and in this particular incident, some of these layers were breached…which resulted in about 400 accounts having unauthorized transactions. In any case, one has to remember that given the scale of the business, these numbers are not particularly material.”

According to early speculations, the hackers managed to bypass 2FA security and access these accounts. Users have been requested to reset their 2FA information and log out and log back in to regain access. 

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.