Atomic Wallet Hackers Hide $35 Million Stolen Crypto Funds Using THORChain – Here's What You Need to Know

cryptonews.com:

Hackers that exploited Atomic Wallet for over $100 million earlier this month are using the cross-chain liquidity protocol THORChain to hide their loot. 

According to on-chain data, 503 ETH equivalent to $870,000, associated with the Atomic hack, was moved to THORChain on the 18th and 19th of June and then exchanged for Bitcoin, as reported by blockchain investigator Mist Track.

Most of the proceeds in ETH from the exploit were converted to BTC using the SWFT blockchain.

Blockchain analytics firm Elliptic linked the Atomic Wallet exploit to the infamous North Korean hacker group Lazarus. 

The same group has reportedly attacked multiple crypto exchanges all over the world to drain billions of dollars worth of crypto to fund DPRK’s ballistic missile programs. 

The Atomic Wallet hackers moved some of the stolen funds to crypto exchange Garantex last week. 

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury sanctioned the crypto exchange in April for its ties with Russian darknet marketplace Hydra and for enabling ransomware attackers. 

At the same time, OFAC also announced sanctions against the crypto mixing services Blender and Tornado Cash that the North Korean hackers also used to launder funds. 

Despite being sanctioned, Garantex continues to operate freely. 

As per Elliptic security researchers, many crypto exchanges have already blacklisted addresses linked to the Atomic Wallet hack, but hackers managed to send a portion of the stolen funds to Garantex.

After transferring the funds to the sanctioned crypto exchange, the hackers traded the funds for bitcoin and then laundered them through the bitcoin mixer service provider Sinbad. 

This is not the first time that the North Korean Lazarus group has