Lazarus Laundering Atomic Wallet Funds Through Garantex

  • Atomic Wallet hackers have engaged the services of a sanctioned crypto exchange to move stolen funds
  • The occurrence comes just days after the malicious group was caught obfuscating the trail of funds using a crypto mixer
  • Blockchain security platform Elliptic noted that the move may be due to the wallet working with security platforms and exchanges to track and freeze funds

The Atomic Wallet hackers, Lazarus, have engaged the services of Garantex, a sanctioned cryptocurrency exchange, to move stolen funds. The revelation comes a few days after the hackers were caught obfuscating the trail of the ill-gotten wealth using the Sinbad crypto mixer. According to blockchain intelligence firm Elliptic, the hackers may be running out of options since Atomic is working with relevant players in the industry to track and freeze funds.

$100 Million Laundered in Less Than Three Years

Elliptic revealed that Lazarus is using the sanctioned exchange to convert all stolen funds to Bitcoin (BTC) and is withdrawing funds from the exchange to the mixing service Sinbad to increase the anonymity of the receiver.

According to the United States Office of Foreign Assets Control (OFAC), Garantex was sanctioned after an analysis of its transactions indicated that malicious actors have used it to move more than $100 million in less than three years.

Last week, the blockchain intelligence firm said that the notorious North Korean hacking outfit Lazarus was likely responsible for the Atomic security breach. The Lazarus hacking group was also behind the Ronin and Harmony hacks. However, Huobi has managed to freeze 124 BTC from the Harmony hack.

Atomic Engages Chainalysis

Atomic has already engaged the leading blockchain security firm Chainalysis to help track the funds. Another crypto platform, BadgerDAO, has also in the past engaged the blockchain intelligence platform to help recover over $120 million siphoned from the platform. According to Chainalysis, stolen funds mainly find their way into centralized exchanges, which may be due to the low liquidity levels of decentralized exchanges.

With the hackers combining a crypto mixer and a sanctioned crypto exchange, it’s almost certain that they don’t intend to voluntarily return the funds.