Ad
Finance

Atomic Wallet Hackers Use THORChain to Conceal Stolen $35M Funds

The hackers, believed to be North Korean hacking group Lazarus, have been using cross-chain bridges and liquidity protocols to mix stolen funds.

Updated Jun 20, 2023, 12:21 p.m. Published Jun 20, 2023, 10:55 a.m.
Laptop hacker (Towfiqu Barbhuiya/Unsplash)
Laptop hacker (Towfiqu Barbhuiya/Unsplash)

Hackers that targeted crypto wallet Atomic Wallet in a $35 million heist earlier this month have used cross-chain liquidity protocol THORChain to conceal their ill-gotten gains, according to blockchain sleuth MistTrack.

MistTrack states that 503.08 ether (ETH), or around $870,000, connected to the hack was transferred to THORChain in the last two days before being swapped for bitcoin (BTC).

Some of the stolen ether was also bridged to multiple bitcoin addresses using the Swft blockchain, MistTrack said.

Last week, the hackers moved a portion of stolen funds to crypto exchange Garantex, which was sanctioned by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury last April.

Blockchain security firm Elliptic said that it believes North Korean hacking group Lazarus are behind the attack.

THORChain's native token (RUNE) remains stable following the string of hack-related transactions, it trades at 84 cents having risen slightly in the past 24-hours, according to CoinMarketCap.



Oliver Knight

Oliver Knight joined CoinDesk as a news reporter in April 2022. Before joining CoinDesk, Knight was the Chief Reporter at Coin Rivet for three years. Having graduated with a journalism degree from Birmingham City University, Knight went on to work at various sports publications before diving into the world of Bitcoin in 2014. He does not have any crypto holdings.

picture of Oliver Knight