After making off with $35 million worth of ill-gotten crypto, the hackers who targeted Atomic Wallet earlier this month have covered their on-chain tracks using the cross-chain liquidity protocol THORChain.
According to the crypto tracking platform MistTrack, the hacker’s address transferred 503 Ether (ETH) to THORChain over the past two days.
Those funds were then swapped for Bitcoin (BTC) and bridged into a Bitcoin address. In addition, much of the stolen ETH was converted to BTC using the SWFT blockchain.
According to @MistTrack_io monitoring, the hacker address (0xad3c…1e44) transferred 503.08 $ETH to @THORChain in the last two days and swap for $BTC, then bridged to the BTC address (bc1q…k2xm). pic.twitter.com/Y0N7uptxg7
— MistTrack🕵️ (@MistTrack_io) June 20, 2023
On-chain sleuth ZachXBT estimated this month that Atomic Wallet users had lost upwards of $35 million in total after receiving numerous reports from users claiming to have had their funds drained. Stolen assets included BTC, ETH, Tether (USDT), Dogecoin (DOGE), Litecoin (LTC), BNB Coin (BNB), and Polygon (MATIC).
Blockchain analytics firm Elliptic later connected the North Korean hacking group Lazarus to the theft, after stolen funds were laundered through Sinbad.io – a coin mixer used by the group.
The following week, hackers transferred some of the stolen assets to the Russian crypto exchange Garantex, which is sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). Before that, hackers used 1INCH to exchange their assets for USDT.
Lazarus Group hackers have used chain-hopping numerous times to conceal funds. After the $600 million Ronin bridge hack last year, the group used the REN protocol and other CEXs to move their stolen assets over to Bitcoin.
The post Atomic Wallet Hackers Take Advantage of THORChain to Hide $35M appeared first on CryptoPotato.