Update on the Suspicious Activity Incident on Crypto.com

Sentinel Protocol Team
Sentinel Protocol
Jan 18, 2022

Singapore, 18th January 2022 — Through our team’s preliminary analysis, we estimate that the allegedly compromised assets from the recent Crypto.com incident stand at around 172.93225 BTC and ~4,831.17 Ether, approximately 22.57M USD in total at prices at the time of writing.

ETHEREUM

As noted by members of the community and verified by our team, suspicious withdrawals with the following transaction patterns were made from Crypto.com’s Ethereum wallet (0x46340b20830761efd32832A74d7169B29FEB9758):

  • Multiple withdrawals/transactions were made from Crypto.com’s wallet to various wallets during the incident period;
  • For each of these wallets, most of these multiple withdrawals were of similar/equal amount;
  • These receiving wallets were fresh wallets.

Funds from these wallets were subsequently observed to have been transferred to another address, 0x6e1218c55f1aCb588Fc5E55B721f1183D7D29D3d, totalling ~4,831.17 Ether. The majority of these stolen funds (4,830 Ether) were subsequently passed through the transaction privacy/mixer-like service Tornado Cash.

BITCOIN

Likewise, we have noticed similar suspicious withdrawals on the Bitcoin Chain with respect to Crypto.com’s BTC wallet (bc1q7cyrfmck2ffu2ud3rn5l5a8yv6f0chkp0zpemf).

The BTC involved in these suspicious withdrawals was likewise observed to have been aggregated into a single fresh wallet, bc1qk8wlwypvvr6v5lmsngg5a248k2a9cgrsrw5jsq, where the BTC is currently sitting. This aggregation was done in a single transaction (be53bf20b2fdeb733e17cf9dcdea1f42761486f178711cd679fdf6b19c970ad1), from a total of 162 other wallets, amounting to 172.93225 BTC.

These 162 wallets appear to show the same suspicious withdrawal transaction patterns we saw earlier on the Ethereum Chain:

  • Received funds from Crypto.com’s BTC wallet across multiple transactions with similar amounts.
  • All wallets are new.
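
The pattern described in the Ethereum and Bitcoin sections (fresh receiving wallets, repeated payouts of similar size, then aggregation into one address) can be written as a screening heuristic. This is an added example, not Sentinel Protocol's own tooling; the function names, thresholds and sample transfers are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def similar_share(amounts, tolerance):
    """Fraction of amounts within `tolerance` (relative) of the median amount."""
    mid = median(amounts)
    return sum(abs(a - mid) <= tolerance * mid for a in amounts) / len(amounts)

def flag_fanout(transfers, source, min_count=2, tolerance=0.05):
    """Map each aggregation address to the flagged wallets that forwarded to it.

    transfers: chronologically ordered (sender, receiver, amount) tuples.
    A wallet is flagged when it was fresh at its first payout from `source`,
    received at least `min_count` payouts, and most of them were similar.
    Thresholds are assumed values, not taken from the report.
    """
    seen, fresh = set(), set()
    received = defaultdict(list)   # wallet -> amounts paid out by `source`
    forwards = defaultdict(set)    # wallet -> addresses it later paid
    for sender, receiver, amount in transfers:
        if sender == source:
            if receiver not in seen:       # no history before the first payout
                fresh.add(receiver)
            received[receiver].append(amount)
        elif sender in received:
            forwards[sender].add(receiver)
        seen.update((sender, receiver))
    clusters = defaultdict(list)
    for wallet, amounts in received.items():
        if (wallet in fresh and len(amounts) >= min_count
                and similar_share(amounts, tolerance) > 0.5):
            for dest in forwards[wallet]:
                clusters[dest].append(wallet)
    # Keep only destinations fed by more than one flagged wallet (aggregation).
    return {d: sorted(w) for d, w in clusters.items() if len(w) > 1}

# Constructed sample data; addresses and amounts are placeholders.
SAMPLE = [
    ("old_customer", "shop", 0.3),            # gives old_customer prior history
    ("EXCHANGE_HOT", "w1", 10.0), ("EXCHANGE_HOT", "w1", 10.0),
    ("EXCHANGE_HOT", "w1", 10.1),
    ("EXCHANGE_HOT", "w2", 5.0), ("EXCHANGE_HOT", "w2", 5.0),
    ("EXCHANGE_HOT", "old_customer", 1.0), ("EXCHANGE_HOT", "old_customer", 1.0),
    ("EXCHANGE_HOT", "w3", 2.0),              # fresh, but a single payout
    ("w1", "AGG", 30.1), ("w2", "AGG", 10.0),
    ("w3", "AGG", 2.0), ("old_customer", "AGG", 2.0),
]

if __name__ == "__main__":
    print(flag_fanout(SAMPLE, "EXCHANGE_HOT"))
```

A match is a lead for manual review rather than proof of theft, since ordinary customers can also withdraw repeatedly to a new address.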

About Uppsala Security

Uppsala Security built Sentinel Protocol, the first crowdsourced Threat Intelligence Platform powered by artificial intelligence, blockchain technology, and machine learning. Supporting the framework is a team of experienced cyber security professionals who have developed an award-winning suite of advanced tools and services for Crypto AML/CFT, Transaction Risk Management (KYC/KYT), Transaction Tracking, Regulatory Compliance, and Cybersecurity, enabling organizations of every type and size to protect their crypto assets from malicious attacks and scams while meeting stringent regulatory compliance standards. Today Uppsala Security has over two thousand (2K+) users, including government agencies, financial institutions and leading enterprises providing crypto exchanges, payment services, wallets, custodial services, gaming, and FinTech solutions.

Uppsala Security is headquartered in Singapore, and has branch offices in Seoul, South Korea and Tokyo, Japan. You can follow Uppsala Security on Telegram, LinkedIn, Twitter, Facebook and Medium.
