The hackers, believed to be the Lazarus group, have used chain hopping numerous times after successful heists.
After making off with $35 million worth of ill-gotten crypto, the hackers who targeted Atomic Wallet earlier this month have covered their on-chain tracks using the cross-chain liquidity protocol THORChain.

According to the crypto tracking platform MistTrack, the hacker’s address transferred 503 Ether (ETH) to THORChain over the past two days.

Those funds were then swapped for Bitcoin (BTC) and bridged into a Bitcoin address. In addition, much of the stolen ETH was converted to BTC using the SWFT blockchain.

On-chain sleuth ZachXBT estimated this month that Atomic Wallet users had lost upwards of $35 million in total after receiving numerous reports from users claiming to have had their funds drained. Stolen assets included BTC, ETH, Tether (USDT), Dogecoin (DOGE), Litecoin (LTC), BNB Coin (BNB), and Polygon (MATIC).
Blockchain analytics firm Elliptic later connected the North Korean hacking group Lazarus to the theft, after stolen funds were laundered through Sinbad.io – a coin mixer used by the group.
The following week, hackers transferred some of the stolen assets to the Russian crypto exchange Garantex, which is sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). Before that, hackers used 1INCH to exchange their assets for USDT.
Lazarus Group hackers have used chain-hopping numerous times to conceal funds. After the $600 million Ronin bridge hack last year, the group used the REN protocol and other CEXs to move their stolen assets over to Bitcoin.

Leave a Reply

Your email address will not be published. Required fields are marked *

WP Twitter Auto Publish Powered By : XYZScripts.com