After making off with $35 million worth of ill-gotten crypto, the hackers who targeted Atomic Wallet earlier this month have covered their on-chain tracks using the cross-chain liquidity protocol THORChain.
- According to the crypto tracking platform MistTrack, the hacker’s address transferred 503 Ether (ETH) to THORChain over the past two days.
- Those funds were then swapped for Bitcoin (BTC) and bridged into a Bitcoin address. In addition, much of the stolen ETH was converted to BTC using the SWFT blockchain.
For example:
According to @MistTrack_io monitoring, the hacker address (0xad3c…1e44) transferred 503.08 $ETH to @THORChain in the last two days and swap for $BTC, then bridged to the BTC address (bc1q…k2xm). pic.twitter.com/Y0N7uptxg7
— MistTrack🕵️ (@MistTrack_io) June 20, 2023
- On-chain sleuth ZachXBT estimated this month that Atomic Wallet users had lost upwards of $35 million in total after receiving numerous reports from users claiming to have had their funds drained. Stolen assets included BTC, ETH, Tether (USDT), Dogecoin (DOGE), Litecoin (LTC), BNB Coin (BNB), and Polygon (MATIC).
- Blockchain analytics firm Elliptic later connected the North Korean hacking group Lazarus to the theft, after stolen funds were laundered through Sinbad.io – a coin mixer used by the group.
- The following week, hackers transferred some of the stolen assets to the Russian crypto exchange Garantex, which is sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). Before that, hackers used 1INCH to exchange their assets for USDT.
- Lazarus Group hackers have used chain-hopping numerous times to conceal funds. After the $600 million Ronin bridge hack last year, the group used the REN protocol and other CEXs to move their stolen assets over to Bitcoin.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.
