Hackers used THORChain to hide $35M in stolen crypto funds from Atomic Wallet.

Hackers who stole over $100 million from Atomic Wallet earlier this month are now using the cross-chain liquidity protocol THORChain to conceal their stolen funds.

On-chain data shows that 503 ETH, equivalent to $870,000 and linked to the Atomic hack, was transferred to THORChain on June 18th and 19th and then exchanged for Bitcoin. This was reported by blockchain investigator Mist Track.

Most of the proceeds in ETH from the hack were converted to BTC using the SWFT blockchain.

Elliptic, a blockchain analytics firm, has linked the Atomic Wallet hack to the well-known North Korean hacker group, Lazarus.

This group has reportedly attacked multiple crypto exchanges worldwide to drain billions of dollars worth of crypto in order to fund DPRK’s ballistic missile programs.

Hackers Launder Stolen Funds Through Garantex

Last week, the Atomic Wallet hackers moved some of the stolen funds to the crypto exchange Garantex.

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury sanctioned the crypto exchange in April for its ties to the Russian darknet marketplace Hydra and for enabling ransomware attackers.

At the same time, OFAC also announced sanctions against the crypto mixing services Blender and Tornado Cash, which the North Korean hackers also used to launder funds.

Despite being sanctioned, Garantex continues to operate freely.

According to Elliptic security researchers, many crypto exchanges have already blacklisted addresses linked to the Atomic Wallet hack, but the hackers managed to send a portion of the stolen funds to Garantex.

After transferring the funds to the sanctioned crypto exchange, the hackers traded the funds for bitcoin and then laundered them through the bitcoin mixer service provider Sinbad.

Lazarus Group Uses Chain-Hopping to Hide Funds

This is not the first time that the North Korean Lazarus group has used chain-hopping to conceal their illicit funds.

The group used the REN protocol and other CEX to move their stolen assets into Bitcoin from the infamous $600 million Ronin Bridge hack last year.

Lazarus hackers had also used Sinbad to launder a portion of the stolen funds from the Ronin Bridge hack.

In June 2022, Horizon Bridge was exploited for over $100 million in a series of attacks. The FBI confirmed that it found strong links to the North Korean hacker group. The hackers used a similar chain-hopping strategy to launder those funds as well as using mixer services like Tornado Cash.

Lazarus has so far stolen over $2 billion in crypto assets from DeFi and crypto exchanges, according to Elliptic.

We will continue to update Phone&Auto; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Market

Kelp DAO Introduces KEP Token, Making Ethereum Restaking More Liquid

Kelp DAO's latest development, the KEP token, is set to enhance liquidity for EigenLayer Points, providing valuable o...

Market

AltSignals outlook amidst Huobi insolvency rumors and crypto market slowdown.

Justin Sun, the visionary founder of TRON, has boldly refuted any unfounded rumors surrounding Huobi's financial stab...

Bitcoin

Humorous and Professional Announcement from HTX Exchange

HTX, a popular digital asset exchange, has announced the resumption of deposit and withdrawal services for top crypto...

DeFi

Decentralized Finance and the Rise of Liquid Restaking Tokens (LRTs) on Ethereum

The emergence of popular liquid restaking platforms such as Puffer and Ether.Fi has generated billions of dollars in ...

News

HTX From Hot to Cold - $258 Million Flows out since Resuming Operations Last Month

After a recent security breach, HTX, which is associated with Justin Sun, has experienced a significant $248 million ...

DeFi

Justin Sun's platform, Poloniex, was hacked for over $100 million. The hackers then bought TRX, causing its price to skyrocket.

Poloniex lost over 114 million USD to a hacker attack, with the hacker using the stolen funds to purchase TRX, causin...