Hackers Use THORChain to Launder Atomic Wallet Assets

Having compromised the non-custodial wallet некастодиальный кошелек Atomic Wallet, attackers transferred 503 ETH to the THORChain platform and swapped the assets for Bitcoin, SlowMist researchers noted.

?MistTrack Alert?

North Korean hackers are using new methods to launder funds linked to the @AtomicWallet hack.

Recap?https://t.co/IjjbPZ7j1c

— MistTrack?️ (@MistTrack_io) June 20, 2023

From June 2, a number of Atomic Wallet user accounts were compromised.

Experts differed on the extent of the damage. According to Elliptic, its amount exceeded $100 million. The firm counted more than 5,500 affected wallets. As of June 8, SlowMist had identified 333 compromised addresses with total losses of $21.7 million.

Earlier on-chain analysts found that the stolen funds were sent by the hackers to the mixer Sinbad.io, and also to the US-sanctioned Russian Bitcoin exchange Garantex.

According to SlowMist researchers, the attackers expanded their asset-laundering routes, involving in transactions the multi-chain protocol THORChain and the SWFT Blockchain bridge.

Experts at the firm linked the Atomic Wallet attack to North Korean hackers. Elliptic also noted that Sinbad.io is actively used by the Lazarus Group, a North Korea–linked faction.

Kazakhstan’s law-enforcement authorities have summoned for questioning the leadership of Atomic Wallet.