Atomic Wallet Hackers Leverage THORChain To Launder Stolen Funds

In a stunning turn of events earlier this month, the cryptocurrency safehouse, Atomic Wallet, fell victim to a massive cyber heist, with the culprits absconding with a staggering $35 million. The digital bandits, employing sophisticated techniques, exploited the cross-chain liquidity protocol, THORChain, to camouflage their ill-obtained fortune, as revealed by the blockchain detective, MistTrack.

Ethereum and the THORChain Connection

MistTrack’s investigation unearthed that a sum of 503.08 Ether (ETH), equivalent to approximately $870,000, linked to the breach, was funneled into THORChain in the 48 hours preceding the hack. Subsequently, this cache of stolen Ether was exchanged for  Bitcoin (BTC).

Adding another layer of intrigue, a fraction of the purloined Ether was funneled into numerous Bitcoin addresses, utilizing the Swft blockchain as a bridge. This action further obfuscated the trail of the stolen funds, making it all the more challenging for investigators to trace, as reported by MistTrack.

In a bold move, the cyber thieves redirected a segment of the stolen assets to the cryptocurrency exchange, Garantex, last week. Interestingly, Garantex had been slapped with sanctions by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury only in the previous April.

MistTrack also alleges the thieves deployed two new smart contracts on the Ethereum network. One for converting ETH to Wrapped ETH, and one to do the opposite. After distributing funds to various wallets, they continued to move money across Ethereum and its Layer-2 networks. That is very similar to the Harmony Bridge hack of 2022. 

Suspected Culprits and the Lazarus Group Angle

Notably, Elliptic, a leading blockchain security firm, asserted its belief that the infamous North Korean hacker group, Lazarus, may be the puppet masters behind this audacious cyber assault on Atomic Wallet.

Despite the progress made in unearthing the intricate machinations of the heist, several unknowns continue to shroud the investigation. The true identity of the perpetrators remains elusive, as does a comprehensive understanding of their modus operandi. As the crypto community reels from the implications of this breach, the quest for answers and justice continues.

None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.