Blockchain security and compliance firm Elliptic has provided an update on the stolen funds from the recent $35 million Atomic Wallet hack. The firm alleges that the Lazarus Group, a North Korean hacking collective believed to be responsible for the attack, has used the sanctioned Russia-based crypto exchange Garantex to launder the illicitly gained crypto assets.
In a recent Twitter post, Elliptic revealed that there had been a significant and successful collaborative effort between the firm, various exchange partners, and concerned parties to freeze the stolen funds from Atomic Wallet. However, Lazarus has reportedly found alternative means to trade their assets, particularly for Bitcoin (BTC).
The United States Office of Foreign Assets Control (OFAC) had previously sanctioned both Garantex and the Russian Hydra dark web marketplace in April 2022. Garantex, founded in late 2019 and initially registered in Estonia, later shifted most of its operations to Moscow, as noted by the Treasury Department.
The Treasury Department’s analysis of known Garantex transactions revealed that over $100 million in transactions were associated with illicit actors and darknet markets, highlighting the potential scale of illicit activities on the platform.
Recent data also indicated that the ill-gotten gains from the Atomic Wallet hack were being funneled through the Sinbad.io mixer, a service frequently utilized by the Lazarus Group. According to Elliptic, the hackers continue to obfuscate the funds withdrawn from Garantex through the Sinbad.io mixer.
It’s worth mentioning that Blender.io (formerly known as Sinbad.io) was also sanctioned by the Treasury Department in May 2022 due to its association with North Korea’s malicious cyber activities and money laundering of stolen virtual currency.
The Atomic Wallet hack occurred on June 3, resulting in the compromise of several user accounts and the loss of up to $35 million in digital assets. Five days after the incident, Atomic Wallet enlisted the assistance of blockchain security and analysis company Chainalysis as the lead investigator. However, Chainalysis declined to comment on the ongoing investigation.
The Lazarus Group has been linked to several significant cryptocurrency exploits in the past year, including the Harmony Bridge hack and the Ronin Bridge hack.