Share this article

Atomic Wallet Hackers Use THORChain to Conceal Stolen $35M Funds

The hackers, believed to be North Korean hacking group Lazarus, have been using cross-chain bridges and liquidity protocols to mix stolen funds.

By Oliver Knight|Edited by Parikshit Mishra

Updated Jun 20, 2023, 12:21 p.m. Published Jun 20, 2023, 10:55 a.m.

Hackers that targeted crypto wallet Atomic Wallet in a $35 million heist earlier this month have used cross-chain liquidity protocol THORChain to conceal their ill-gotten gains, according to blockchain sleuth MistTrack.

MistTrack states that 503.08 ether (ETH), or around $870,000, connected to the hack was transferred to THORChain in the last two days before being swapped for bitcoin (BTC).

STORY CONTINUES BELOW

Don't miss another story.Subscribe to the Crypto Long & Short Newsletter today. See all newsletters

By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Some of the stolen ether was also bridged to multiple bitcoin addresses using the Swft blockchain, MistTrack said.

Last week, the hackers moved a portion of stolen funds to crypto exchange Garantex, which was sanctioned by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury last April.

Blockchain security firm Elliptic said that it believes North Korean hacking group Lazarus are behind the attack.

THORChain's native token (RUNE) remains stable following the string of hack-related transactions, it trades at 84 cents having risen slightly in the past 24-hours, according to CoinMarketCap.

On-chain Data Atomic wallet Hack Lazarus group

Oliver Knight

Oliver Knight is the co-leader of CoinDesk data tokens and data team. Before joining CoinDesk in 2022 Oliver spent three years as the chief reporter at Coin Rivet. He first started investing in bitcoin in 2013 and spent a period of his career working at a market making firm in the UK. He does not currently have any crypto holdings.