New investigations into the Crypto.com platform hack are emerging and show that the exchange’s loss may have been even greater than initially suggested.
The portal researchers rect published this Wednesday (19) that another 444 BTC were stolen from wallets belonging to Crypto.com, about BRL 102 million at the current bitcoin price.
With this new information, Crypto.com’s loss could be around BRL 182 million. On Tuesday (18), blockchain security firm PeckShield had already confirmed the theft of 4,600 ETH on the platform. At the time, the researchers confirmed to the Decrypt that the true scale of the damage was “definitely worse”.
In interview Speaking to Bloomberg TV on Wednesday, Crypto.com CEO Kris Marszalek confirmed for the first time that 400 users’ accounts were hacked.
“We stopped very quickly, paused withdrawals, fixed it and came back online in about 13/14 hours and within the same day all affected accounts were fully refunded so there was no loss of funds for customers,” Marszalek said. .
The interviewer asked the businessman if the damage from the attack really was US$ 32 million, but he did not want to reveal, adding that an official publication on the subject will be released in the coming days.
Prior to that, Crypto.com did not provide any clarification on the incident other than Monday’s alert that it had detected unauthorized activity on the accounts of a small number of users.
The unusual move caused the platform to block withdrawals from all customers until they reset the two-factor authentication of their accounts.
Hours after PeckShield investigators confirmed the Ethereum theft and emerged stories of users who saw their funds disappear on the platform, the CEO of Crypto.com he said that no customer funds had been lost.
The executive said he was particularly happy with the support he received from the community and the opportunity the incident provided to strengthen the security of the platform. “We learn, we improve, we move forward relentlessly,” he wrote.
Hiding coins on the blockchain
While the Crypto.com team refuses to reveal the damage of the hack, the attackers who were behind the offensive try to hide the trail of stolen cryptocurrencies.
PeckShield has identified that the 4,600 stolen ETH is being laundered in Tornado Cash, an Ethereum network cryptocurrency mixing that has become the preferred service of scammers to hide their identities and obscure the trail of cryptocurrencies on the blockchain.
The Twitter User @ErgoBTC, who was the first to identify the alleged theft of 444 BTC from Crypto.com wallets, also points out that the coins are being moved around.
“We have seen this unusually large withdrawal from Wallet payment method from Crypto.com. Shortly after, several hundred withdrawals are consolidated into 4 exits for 67.75 BTC. The 271 BTC is sent in a series of 24 or 25 BTC deposits in a well-known BTC tumbler. More 173 BTC than address is likely associated with the hack, not yet uploaded to tumbler.”
The “tumbler” cited by the user concerns a mixing of the bitcoin network that has already been used by hackers from the DPRK Lazarus Group and Darkside.