{"id":80116,"date":"2023-06-13T10:25:00","date_gmt":"2023-06-13T07:25:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=80116"},"modified":"2025-09-11T14:53:46","modified_gmt":"2025-09-11T11:53:46","slug":"atomic-wallet-hacker-moves-assets-to-ofac-sanctioned-russian-exchange-garantex","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/atomic-wallet-hacker-moves-assets-to-ofac-sanctioned-russian-exchange-garantex\/","title":{"rendered":"Atomic Wallet hacker moves assets to OFAC-sanctioned Russian exchange Garantex"},"content":{"rendered":"<p>Some of the funds stolen from the Atomic Wallet cryptocurrency wallet ended up on the Russian bitcoin exchange Garantex, which is under U.S. sanctions, Elliptic analysts report.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">After a significant and successful cross-community effort between <a href=\\\"https:\/\/twitter.com\/elliptic?ref_src=twsrc%5Etfw\\\">@elliptic<\/a>, many of our exchange partners and friends to freeze stolen <a href=\\\"https:\/\/twitter.com\/AtomicWallet?ref_src=twsrc%5Etfw\\\">@AtomicWallet<\/a> funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC\u2026 <a href=\\\"https:\/\/t.co\/5Lk9DeGjr8\\\">pic.twitter.com\/5Lk9DeGjr8<\/a><\/p>\n<p>\u2014 Elliptic Investigations (@Elliptic_Inv) <a href=\\\"https:\/\/twitter.com\/Elliptic_Inv\/status\/1668338875243085824?ref_src=twsrc%5Etfw\\\">June 12, 2023<\/a><\/p><\/blockquote>\n<p>According to the analysts, the North Korean Lazarus Group, believed to be behind the breach, used the platform to convert assets into Bitcoin. 
The funds from Garantex subsequently moved to the Sinbad.io mixer.<\/p>\n<p>Elliptic added that the hackers changed the method of laundering the stolen cryptocurrency due to the company&#8217;s successful efforts to freeze it on other trading platforms.<\/p>\n<div class=\\\"wp-block-text-wrappers-update-2 article_update\\\"><time class=\\\"gtb_text-wrappers_update_time\\\">14 June 2023 | 14:49<\/time><span class=\\\"gtb_text-wrappers_update_head\\\">Update: <\/span>\n<p>Representatives of Garantex told RBC that they had managed to block part of the funds deposited on the exchange. After a request by law enforcement authorities, they will be returned to the rightful owners.<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u00abNo tagged transactions leave the quarantine. Moreover, the platform conducts <span data-descr=\\\"Know Your Customer\\\" class=\\\"old_tooltip\\\">KYC<\/span>-procedures, so all accounts involved in the discussed situation are verified and currently blocked. Garantex is ready to provide law enforcement authorities with any information it has for the investigation\u00bb, added the platform&#8217;s representatives.<\/p>\n<\/blockquote>\n<\/div>\n<p>Founded in 2019, the Garantex exchange was registered <a href=\"https:\/\/forklog.com\/en\/news\/garantex-exchange-operator-loses-crypto-licence-to-operate-in-europe\">in Estonia<\/a>, but later moved most of its operations <a href=\"https:\/\/forklog.com\/en\/news\/report-moscow-city-exchanges-help-cash-out-usdt-in-the-united-kingdom\">to Moscow<\/a>. 
In April 2022, <span data-descr=\\\"Office of Foreign Assets Control\\\" class=\\\"old_tooltip\\\">OFAC<\/span> <a href=\"https:\/\/forklog.com\/en\/news\/hydra-and-the-garantex-cryptocurrency-exchange-sanctioned-by-the-united-states\">imposed sanctions on it<\/a> for handling more than $100 million of illicit funds.<\/p>\n<p>The Sinbad.io mixer, according to Elliptic, is the <a href=\"https:\/\/forklog.com\/en\/news\/car-theft-via-usb-cable-record-breaking-ddos-attack-and-other-cybersecurity-events\">new version of the Blender.io service<\/a>, also sanctioned by the United States <a href=\"https:\/\/forklog.com\/en\/news\/blender-io-mixer-sanctioned-by-the-united-states\">in May 2022<\/a>. In particular, Lazarus Group used it to launder assets stolen in June 2022 during the <a href=\"https:\/\/forklog.com\/en\/news\/hacker-steals-about-100-million-in-harmonys-horizon-cross-chain-bridge-attack\">hack of the Horizon cross-chain bridge<\/a> of the Harmony protocol. <\/p>\n<p>From June 2, several user accounts of the <a href=\"https:\/\/forklog.com\/en\/news\/what-are-custodial-and-non-custodial-crypto-wallets\">non-custodial wallet<\/a> Atomic Wallet were compromised, resulting in losses of up to $35 million.<\/p>\n<p>Subsequently, the stolen funds passed through the Sinbad.io mixer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some of the funds stolen from the Atomic Wallet cryptocurrency wallet ended up on the U.S.-sanctioned Russian bitcoin exchange 
Garantex.<\/p>\n","protected":false},"author":1,"featured_media":80117,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1535,1470,1125,686,57],"class_list":["post-80116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-elliptic","tag-garantex","tag-lazarus","tag-sanctions","tag-wallets"],"aioseo_notices":[],"amp_enabled":true,"views":"17","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/80116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=80116"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/80116\/revisions"}],"predecessor-version":[{"id":80118,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/80116\/revisions\/80118"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/80117"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=80116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=80116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=80116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}