Atomic Wallet Hack: How Hacker Groups Evade Detection Through Chain-Hopping and Mixers


Hackers who recently exploited Atomic Wallet for over $100 million have been found using the cross-chain liquidity protocol THORChain to conceal their tracks. On-chain data reveals that 503 ETH ($870,000) linked to the Atomic hack was moved to THORChain in mid-June and subsequently exchanged for Bitcoin. This report comes from blockchain investigator MistTrack, which notes that most of the stolen ETH was converted to BTC using the SWFT blockchain.

Blockchain analytics firm Elliptic has connected the Atomic Wallet exploit to the notorious North Korean hacker group Lazarus. This criminal organization has a history of attacking crypto exchanges worldwide to fund DPRK’s ballistic missile programs by siphoning billions of dollars’ worth of digital currencies.

A portion of the stolen funds was transferred to crypto exchange Garantex last week. Interestingly, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) had sanctioned Garantex in April for its involvement with Russian darknet marketplace Hydra and its assistance to ransomware attackers. Even though several crypto exchanges blacklisted addresses related to the Atomic Wallet hack, the hackers still managed to send some of their loot to Garantex. After converting the assets to Bitcoin, the hackers allegedly laundered the funds through the Bitcoin mixer service Sinbad.

It seems that the Lazarus group has a proclivity for chain-hopping techniques to hide their illegal activities. In a similar incident last year, they used the REN protocol and other CEX platforms to move assets stolen in the $600 million Ronin Bridge hack into Bitcoin. Notably, Sinbad was also used to launder part of the Ronin Bridge hack funds.

Another example includes the $100 million Horizon Bridge exploit in June 2022, which the FBI strongly linked to the North Korean hacker group. Once again, the perpetrators applied chain-hopping strategies and mixer services such as Tornado Cash to launder the funds.

According to Elliptic, Lazarus has thus far amassed over $2 billion in crypto assets from DeFi protocols and crypto exchanges. While their exploits have undoubtedly had a substantial impact, crypto enthusiasts and security advocates are urging the industry to enforce stricter measures to prevent such incidents. However, the combination of chain-hopping, sanctioned exchanges, and mixer services complicates both the tracking and the prevention of these malicious activities. Although how much the attackers actually net from such schemes is open to debate, the rise in similar crimes reveals the inherent challenges of securing and stabilizing this rapidly growing technological realm.
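To show why exchange blacklists on the Ethereum addresses stop working once funds hop chains through a swap protocol, here is a small taint tracer run over a constructed ledger modelled on the flow described above (an added example, not code from the article or from any firm named in it; every address, amount and the swap record are made-up placeholders). The same trace is run twice: once following only same-chain transfers, and once using a swap record that links the THORChain inbound deposit to its BTC output.

```python
"""Taint propagation with and without cross-chain swap linking (constructed data)."""
from collections import deque

# Constructed ledger rows: (chain, from_addr, to_addr, amount). Placeholder addresses.
TRANSFERS = [
    ("ETH", "atomic_victim_1", "hacker_eth_1", 300.0),
    ("ETH", "atomic_victim_2", "hacker_eth_1", 203.0),
    ("ETH", "hacker_eth_1", "thorchain_inbound", 503.0),   # ETH enters the swap vault
    ("BTC", "thorchain_outbound", "hacker_btc_1", 20.0),   # BTC leaves on another chain
    ("BTC", "hacker_btc_1", "garantex_deposit_1", 12.0),   # deposit to a sanctioned venue
    ("BTC", "hacker_btc_1", "mixer_deposit_1", 8.0),       # remainder sent to a mixer
]
# Constructed swap record: which inbound deposit produced which outbound payout.
# Without this link the BTC side is invisible to an address-following tracer.
SWAPS = [{"in": ("ETH", "thorchain_inbound", 503.0), "out": ("BTC", "hacker_btc_1", 20.0)}]
SANCTIONED = {"garantex_deposit_1"}   # placeholder for an OFAC-style address list
SEED = {"hacker_eth_1"}               # the address exchanges blacklisted after the hack


def trace(seed, transfers, swaps=(), follow_swaps=True):
    """Breadth-first taint propagation from the seed addresses.

    Same-chain transfers are always followed. Swap records are followed only when
    follow_swaps is True; a shared vault address is deliberately NOT expanded to
    every payout it ever made, since that would taint unrelated users' funds.
    """
    tainted = set(seed)
    queue = deque(seed)
    while queue:
        addr = queue.popleft()
        for _chain, src, dst, _amt in transfers:
            if src == addr and dst not in tainted:
                tainted.add(dst)
                queue.append(dst)
        if follow_swaps:
            for swap in swaps:
                out_addr = swap["out"][1]
                if swap["in"][1] == addr and out_addr not in tainted:
                    tainted.add(out_addr)
                    queue.append(out_addr)
    return tainted


def flag_sanctioned(tainted, transfers, sanctioned):
    """Return transfers that move tainted funds onto a sanctioned address."""
    return [row for row in transfers if row[1] in tainted and row[2] in sanctioned]


if __name__ == "__main__":
    naive = trace(SEED, TRANSFERS, SWAPS, follow_swaps=False)
    print("naive trace flags:", flag_sanctioned(naive, TRANSFERS, SANCTIONED))   # []
    linked = trace(SEED, TRANSFERS, SWAPS)
    print("swap-linked trace flags:", flag_sanctioned(linked, TRANSFERS, SANCTIONED))
```

The naive trace dead-ends at the swap vault and raises no alert, while the swap-linked trace surfaces the deposit to the sanctioned address; the difference is exactly the cross-chain visibility that chain-hopping is meant to deny investigators.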

Source: Cryptonews
