The Sentinel Protocol team, which operates a blockchain-based platform that harnesses collective cyber security intelligence to protect crypto assets against hackers, scams and fraud, has provided an update on the suspicious activity incident involving Crypto.com.
In a preliminary analysis, the team estimated (on January 18, 2022) that the allegedly compromised assets from the recent Crypto.com incident “stands at around 172.93225 BTC and ~4,831.17 Ether, with a total of approximately 22.57M USD at current prices/time of writing.”
As noted by members of the community and verified by their team, suspicious withdrawals “with the following transaction patterns were seen to be made” from Crypto.com’s Ethereum wallet (0x46340b20830761efd32832A74d7169B29FEB9758):
- Multiple withdrawals/transactions “were made from Crypto.com’s wallet to various wallets during the incident period;”
- For each of these wallets, most of these multiple withdrawals “were of similar/equal amount;”
- These receiving wallets “were fresh wallets.”
- Funds from these wallets “were subsequently observed to have been transferred to another address 0x6e1218c55f1aCb588Fc5E55B721f1183D7D29D3d — totaling ~4,831.17 Ether.”
- The majority of these stolen funds (4,830 Ether) “were subsequently passed through transaction privacy/mixer-like service Tornado Cash.”
- Likewise, the team “have noticed similar suspicious withdrawals on the Bitcoin Chain with respect to Crypto.com’s BTC wallet (bc1q7cyrfmck2ffu2ud3rn5l5a8yv6f0chkp0zpemf).”
- The BTC involved in these suspicious withdrawals “were observed to have been aggregated to a single fresh wallet bc1qk8wlwypvvr6v5lmsngg5a248k2a9cgrsrw5jsq too, where the BTC is currently sitting.”
- This aggregation was “done over a single transaction (be53bf20b2fdeb733e17cf9dcdea1f42761486f178711cd679fdf6b19c970ad1), from a total of 162 other wallets, amounting to a total of 172.93225 BTC.”
- These 162 wallets “look to involve the same suspicious withdrawal transaction patterns” they saw earlier on the Ethereum Chain: “Received funds from Crypto.com’s BTC wallet across multiple transactions with similar amounts.”
- All wallets “are new.”
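The pattern listed above (repeated, similar-sized withdrawals from one source wallet to previously unseen wallets, followed by consolidation into a single address) can be expressed as a screening heuristic. The following Python is an added example, not code from Sentinel Protocol or Uppsala Security; the ledger, wallet labels, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger in chronological order: (sender, receiver, amount).
# "HOT" stands in for an exchange hot wallet; every label and value is made up.
LEDGER = [
    ("old1", "cust1", 0.8),                          # cust1 already has history
    ("HOT", "w1", 13.9), ("HOT", "w1", 13.9), ("HOT", "w1", 14.0),
    ("HOT", "w2", 13.9), ("HOT", "w2", 13.9),
    ("HOT", "cust1", 0.5), ("HOT", "cust1", 7.2),    # known wallet, uneven amounts
    ("HOT", "w3", 5.0),                              # fresh, but a single withdrawal
    ("w1", "AGG", 41.8), ("w2", "AGG", 27.8), ("w3", "AGG", 5.0),
    ("cust1", "shop", 1.0),
]

def similar(amounts, tolerance):
    """True when every amount lies within `tolerance` (relative) of the median."""
    mid = sorted(amounts)[len(amounts) // 2]
    return all(abs(a - mid) <= tolerance * mid for a in amounts)

# The default thresholds are assumptions for this example; the article gives none.
def flag_withdrawal_pattern(ledger, source, min_repeats=2, tolerance=0.05, min_feeders=2):
    """Map each consolidation address to its feeder wallets and total received.

    A feeder is a wallet that (1) was unseen before its first withdrawal from
    `source`, (2) received at least `min_repeats` withdrawals of similar size,
    and (3) later forwarded funds to an address shared with other feeders.
    """
    seen, fresh, received = set(), set(), defaultdict(list)
    for sender, receiver, amount in ledger:
        if sender == source:
            if receiver not in seen:
                fresh.add(receiver)
            received[receiver].append(amount)
        seen.update((sender, receiver))
    feeders = {w for w in fresh
               if len(received[w]) >= min_repeats and similar(received[w], tolerance)}
    clusters = defaultdict(lambda: {"feeders": [], "total": 0.0})
    for sender, receiver, amount in ledger:
        if sender in feeders:
            if sender not in clusters[receiver]["feeders"]:
                clusters[receiver]["feeders"].append(sender)
            clusters[receiver]["total"] += amount
    return {addr: c for addr, c in clusters.items() if len(c["feeders"]) >= min_feeders}

if __name__ == "__main__":
    for addr, c in flag_withdrawal_pattern(LEDGER, "HOT").items():
        print(addr, c["feeders"], round(c["total"], 4))
```

On the constructed ledger only `w1` and `w2` qualify as feeders, so `AGG` is reported as the consolidation address; `cust1` is excluded because it had prior history, and `w3` because it received a single withdrawal.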
As covered, Uppsala Security built Sentinel Protocol, which is reportedly the first crowdsourced Threat Intelligence Platform “powered by artificial intelligence, blockchain technology, and machine learning.”
Supporting the framework is a team of experienced cyber security professionals who have “developed an award-winning suite of advanced tools and services for Crypto AML/CFT, Transaction Risk Management (KYC/KYT), Transaction Tracking, Regulatory Compliance, and Cybersecurity enabling organizations of every type and size to protect their crypto assets from malicious attacks and scams while meeting stringent regulatory compliance standards.”
Today Uppsala Security has “over two thousand (2K+) users including government agencies, financial institutions and leading enterprises providing crypto exchanges, payment services, wallets, custodial services, gaming, and FinTech solutions.”
It’s worth noting that PeckShield Inc., a blockchain security and data analytics company, has also shared its findings on the Crypto.com incident.
The @cryptocom loss is about $15M with at least 4.6K ETHs and half of them are currently being washed via @TornadoCash https://t.co/PUl6IrB3cp https://t.co/6SVKvk8PLf pic.twitter.com/XN9nmT857j
— PeckShield Inc. (@peckshield) January 18, 2022