Atomic Wallet Hackers Hide $35 Million Stolen Crypto Funds Using THORChain – Here’s What You Need to Know

CRYPTO Hack
Last updated:
Author
Author
Jai Pratap
About Author

Jai serves as the Asia Desk Editor for Cryptonews.com, where he leads a diverse team of international reporters. Jai has over five years of experience covering the web3 industry.

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: Pexels

Hackers that exploited Atomic Wallet for over $100 million earlier this month are using the cross-chain liquidity protocol THORChain to hide their loot. 

According to on-chain data, 503 ETH equivalent to $870,000, associated with the Atomic hack, was moved to THORChain on the 18th and 19th of June and then exchanged for Bitcoin, as reported by blockchain investigator Mist Track.

Most of the proceeds in ETH from the exploit were converted to BTC using the SWFT blockchain.

Blockchain analytics firm Elliptic linked the Atomic Wallet exploit to the infamous North Korean hacker group Lazarus. 

The same group has reportedly attacked multiple crypto exchanges all over the world to drain billions of dollars worth of crypto to fund DPRK’s ballistic missile programs. 

Hackers Launder Stolen Funds Through Garantex

The Atomic Wallet hackers moved some of the stolen funds to crypto exchange Garantex last week. 

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury sanctioned the crypto exchange in April for its ties with Russian darknet marketplace Hydra and for enabling ransomware attackers. 

At the same time, OFAC also announced sanctions against the crypto mixing services Blender and Tornado Cash that the North Korean hackers also used to launder funds. 

Despite being sanctioned, Garantex continues to operate freely. 

As per Elliptic security researchers, many crypto exchanges have already blacklisted addresses linked to the Atomic Wallet hack, but hackers managed to send a portion of the stolen funds to Garantex.

After transferring the funds to the sanctioned crypto exchange, the hackers traded the funds for bitcoin and then laundered them through the bitcoin mixer service provider Sinbad. 

Lazarus Group Uses Chain-Hopping to Hide Funds

This is not the first time that the North Korean Lazarus group has used chain-hopping to conceal their illicit funds. 

The  group used the REN protocol and other CEX to move their stolen assets into Bitcoin from the infamous $600 million Ronin Bridge hack last year.

Lazarus hackers had also used Sinbad to launder a portion of the stolen funds from the Ronin Bridge hack. 

In June 2022, Horizon Bridge was exploited for over $100 million in a series of attacks. The FBI confirmed that it found strong links to the North Korean hacker group. The hackers used a similar chain-hopping strategy to launder those funds as well as using mixer services like Tornado Cash. 

Lazarus has so far stolen over $2 billion in crypto assets from DeFi and crypto exchanges, according to Elliptic. 

More Articles

Blockchain News
Australia’s AML Regulator Targets 13 Crypto and Remittance Firms for Compliance Shortfalls 
Shalini Nagarajan
Shalini Nagarajan
2025-02-17 07:04:30
Bitcoin News
Twelve U.S. States Hold $330M in Saylor’s Strategy Stock Across Pension and Treasury Funds
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-17 06:00:54
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors