In a stunning turn of events earlier this month, the cryptocurrency safehouse, Atomic Wallet, fell victim to a massive cyber heist, with the culprits absconding with a staggering $35 million. The digital bandits, employing sophisticated techniques, exploited the cross-chain liquidity protocol, THORChain, to camouflage their ill-obtained fortune, as revealed by the blockchain detective, MistTrack.
Ethereum and the THORChain Connection
MistTrack’s investigation unearthed that a sum of 503.08 Ether (ETH), equivalent to approximately $870,000, linked to the breach, was funneled into THORChain in the 48 hours preceding the hack. Subsequently, this cache of stolen Ether was exchanged for Bitcoin (BTC).
Adding another layer of intrigue, a fraction of the purloined Ether was funneled into numerous Bitcoin addresses, utilizing the Swft blockchain as a bridge. This action further obfuscated the trail of the stolen funds, making it all the more challenging for investigators to trace, as reported by MistTrack.
In a bold move, the cyber thieves redirected a segment of the stolen assets to the cryptocurrency exchange, Garantex, last week. Interestingly, Garantex had been slapped with sanctions by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury only in the previous April.
MistTrack also alleges the thieves deployed two new smart contracts on the Ethereum network. One for converting ETH to Wrapped ETH, and one to do the opposite. After distributing funds to various wallets, they continued to move money across Ethereum and its Layer-2 networks. That is very similar to the Harmony Bridge hack of 2022.
Suspected Culprits and the Lazarus Group Angle
Notably, Elliptic, a leading blockchain security firm, asserted its belief that the infamous North Korean hacker group, Lazarus, may be the puppet masters behind this audacious cyber assault on Atomic Wallet.
Despite the progress made in unearthing the intricate machinations of the heist, several unknowns continue to shroud the investigation. The true identity of the perpetrators remains elusive, as does a comprehensive understanding of their modus operandi. As the crypto community reels from the implications of this breach, the quest for answers and justice continues.
Please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. CryptoMode is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.