Illicit funds from the $35 million Atomic Wallet hack are on the move again, and the sanctioned Russian cryptocurrency exchange Garantex is reportedly the latest to come into contact with the hacked cryptocurrency.
On June 13, blockchain security and compliance company Elliptic updated information about stolen Atomic Wallet funds. It alleges that the North Korean hacking collective Lazarus Group, believed to be behind the attack, used the sanctioned Russian cryptocurrency exchange Garantex to launder the loot.
In a Twitter post, the firm revealed that significant and successful efforts have been made between Elliptic and many exchange partners to freeze the stolen cryptocurrency. However, Lazarus has now found other ways to exchange its assets for Bitcoin (BTC).
After a significant and successful cross-community effort between @elliptic, many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC… pic.twitter.com/5Lk9DeGjr8
— Elliptic Investigations (@Elliptic_Inv) June 12, 2023
The U.S. Office of Foreign Assets Control (OFAC) sanctioned Garantex and the Russian darknet marketplace Hydra in April 2022.
Garantex was founded in late 2019 and was originally registered in Estonia before moving most of its operations to Moscow, the finance ministry said at the time.
“An analysis of known Garantex transactions shows that more than $100 million worth of transactions are associated with illegal entities and darknet markets,” it added.
Earlier this month, it was reported that ill-gotten gains were channeled through the Sinbad.io mixer, a service frequently used by the Lazarus Group.
Elliptic added that the funds withdrawn by hackers from Garantex continue to be obfuscated through the Sinbad.io mixer.
The Treasury Department also sanctioned Blender.io (formerly Sinbad.io) in May 2022, warning that the service was being used by North Korea to “support malicious cyber activity and money laundering of stolen virtual currency.”
On June 3, several Atomic Wallet user accounts were compromised, resulting in losses of up to $35 million in digital assets.
Five days later, Atomic said it had hired blockchain security analytics firm Chainalysis as its lead incident investigator. Cointelegraph reached out to Chainalysis for information about the investigation, but a spokesperson said he could not comment on the Atomic Wallet case.
The infamous North Korean hacking collective has been linked to several major cryptocurrency exploits in the past year, including the Harmony Bridge hack and the Ronin Bridge hack.