Analysts believe the hackers are affiliated with the Lazarus Group of North Korea
The Atomic Wallet hackers are transferring stolen funds through the Garantex cryptocurrency exchange, according to experts from Elliptic, a cybersecurity company. Several exchanges have frozen addresses related to the incident, but the stolen assets were routed to a platform that the U.S. Treasury's Office of Foreign Assets Control (OFAC) added to its sanctions lists last year.
Earlier, Elliptic reported that the Atomic Wallet hacker used the cryptomixer Sinbad.io to launder stolen funds. Analysts stressed that this service is popular with Lazarus Group hackers from North Korea, and on that basis they believe the incident is related to the DPRK.
Elliptic has now also clarified that the stolen assets were first exchanged through an intranet tool from the 1inch project. They were then transferred to the Garantex exchange, where they were exchanged for Bitcoin and redirected to the cryptomixer Sinbad.
Elliptic noted that, thanks to the company’s proactive actions, many crypto platforms blocked addresses related to the Atomic hack. “Lazarus has now turned to OFAC-sanctioned exchange Garantex to exchange their assets for BTC,” the analysts said in a statement.
Our experts note that OFAC sanctioned Garantex in April 2022 at the same time as the darknet marketplace Hydra. OFAC said the exchange was “deliberately ignoring its obligations” to combat money laundering and terrorist financing.