Elliptic security researchers have discovered that attackers behind the $35 million exploit of crypto wallet Atomic Wallet earlier this month are moving stolen funds via OFAC-sanctioned exchange Garantex. The North Korean hacking group Lazarus is believed to be responsible for the hack.
The funds were previously exchanged via the on-chain trading tool 1inch, transferred to Garantex, and then traded for Bitcoin (BTC). The Bitcoin was then laundered through Sinbad, a Bitcoin mixer service allegedly used by North Korean hacking groups.
Nearly $35 million worth of various tokens were stolen from Atomic Wallet, a centralized storage and wallet service, on June 3, Elliptic said in a tweet. These tokens include Bitcoin (BTC), Ether (ETH), Tether (USDT), Dogecoin (DOGE), Litecoin (LTC), BNB Coin (BNB) and Polygon’s MATIC.
Atomic Wallet reported that the impacted users represented “less than 1% of its monthly active users.” Investigations are still ongoing.
Several crypto exchanges have already frozen addresses related to the Atomic Wallet hack, but some funds have found their way to Garantex.