Following the theft of more than $35 million from users of cryptocurrency wallet Atomic Wallet, hackers have funnelled funds through Garantex. The Russian exchange was sanctioned by OFAC last year. We take stock of the situation.
Funds stolen from Atomic Wallet users flow through Garantex
Earlier this month, several users of the Atomic Wallet cryptocurrency wallet had the unpleasant surprise of finding their wallets emptied.
Initially reported at over $14 million, the losses are now estimated by on-chain detective ZachXBT at more than $35 million. In addition, these attacks could be attributed to the North Korean hacker group Lazarus, because the way the stolen funds are laundered resembles the Ronin and Harmony bridge hacks:
Update:
Atomic Wallet Hack appears to potentially have been done by Lazarus Group/DPRK
(seeing lots of similarities in the laundering patterns to Ronin + Harmony)
– ZachXBT (@zachxbt) June 6, 2023
At the same time, blockchain analysis firm Elliptic has reached the same conclusions, and has identified movements towards Garantex, a Russian cryptocurrency exchange sanctioned by the Office of Foreign Assets Control (OFAC) in April 2022.
The choice of Garantex was reportedly motivated by the fact that Elliptic worked with numerous partner platforms to freeze the stolen funds:
After a significant and successful cross-community effort between @elliptic, many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC… pic.twitter.com/5Lk9DeGjr8
– Elliptic Investigations (@Elliptic_Inv) June 12, 2023
The illustration shared by Elliptic shows several hundred thousand dollars' worth of cryptocurrencies converted into USDT via the aggregator 1inch across several transactions, all of which converge on Garantex.
At the same time, the funds stolen in BTC are laundered through the Bitcoin mixer Sinbad.
Teams that don’t communicate much
Since 3 June, when the hack was made official, the Atomic Wallet teams have provided very little information. They have, however, announced that less than 1% of their monthly active users would be affected, without providing any further details on a possible compensation plan for the time being:
Atomic is committed to helping as many victims of the recent exploit as possible. We’ve engaged @chainalysis a leading Crypto Incident Investigator. To trace stolen funds and liaise with exchanges and authorities.
– Atomic – Crypto Wallet (@AtomicWallet) June 7, 2023
Atomic Wallet also announced last Thursday that it had hired Chainalysis to trace the funds and liaise with the various platforms involved and the authorities.
Although some of the stolen assets appear to have been frozen and others recovered, it is currently difficult to determine the final losses suffered by users. Even in the event of a positive outcome, this episode could still have a lasting impact on investor confidence in Atomic Wallet, where critical flaws have been reported in the past.