
Atomic Wallet hacker moves assets to OFAC-sanctioned Russian exchange Garantex
Some of the funds stolen from the Atomic Wallet cryptocurrency wallet ended up on the Russian bitcoin exchange Garantex, which is under U.S. sanctions, Elliptic analysts report.
After a significant and successful cross-community effort between @elliptic, many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC… pic.twitter.com/5Lk9DeGjr8
— Elliptic Investigations (@Elliptic_Inv) June 12, 2023
According to the analysts, the North Korean Lazarus Group, believed to be behind the breach, used the platform to convert the assets into Bitcoin. The funds from Garantex subsequently moved to the Sinbad.io mixer.
Elliptic added that the hackers changed the method of laundering the stolen cryptocurrency due to the company’s successful efforts to freeze it on other trading platforms.
Representatives of Garantex told RBC that they had managed to block part of the funds deposited on the exchange. After a request by law enforcement authorities, they will be returned to the rightful owners.
"No tagged transactions leave the quarantine. Moreover, the platform conducts KYC procedures, so all accounts involved in the discussed situation are verified and currently blocked. Garantex is ready to provide law enforcement authorities with any information it has for the investigation," added the platform's representatives.
Founded in 2019, the Garantex exchange was registered in Estonia, but later moved most of its operations to Moscow. In April 2022, OFAC imposed sanctions on it for handling more than $100 million of illicit funds.
The Sinbad.io mixer, according to Elliptic, is the new version of the Blender.io service, also sanctioned by the United States in May 2022. In particular, Lazarus Group used it to launder assets stolen in June 2022 during the hack of the Horizon cross-chain bridge of the Harmony protocol.
Starting on June 2, several user accounts of the non-custodial wallet Atomic Wallet were compromised, resulting in losses of up to $35 million.
Subsequently, the stolen funds passed through the Sinbad.io mixer.