THORChain Utilized by Atomic Wallet Hackers to Mask Pilfered $35 Million Funds

Crypto Hackers Exploit THORChain to Camouflage Stolen $35 Million Funds

A notorious cybercriminal syndicate, suspected to be the Lazarus group from North Korea, has cleverly leveraged cross-chain bridges and liquidity protocols to obfuscate the origins of their looted fortune.

Recent reports from blockchain investigator MistTrack unveil that the hackers, responsible for the audacious $35 million cryptocurrency heist targeting Atomic Wallet, have strategically employed the cross-chain liquidity platform THORChain to mask their ill-gotten gains. Approximately 503.08 ether (ETH), equivalent to roughly $870,000, associated with the theft, was traced to THORChain within the past 48 hours, where it was subsequently converted to bitcoin (BTC).

To further complicate the tracking efforts, a portion of the pilfered ether was skillfully transferred to multiple bitcoin addresses using the Swft blockchain, as revealed by MistTrack’s investigation. Adding to the complexity, the culprits moved a portion of the stolen funds to the crypto exchange Garantex, which has been subjected to sanctions by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) since April of last year.

Leading blockchain security firm Elliptic has identified the notorious hacking group Lazarus, known for its ties to North Korea, as the likely masterminds behind this audacious attack. Despite the flurry of illicit transactions connected to the hack, the native token of THORChain (RUNE) has remained relatively stable. According to CoinMarketCap, it currently trades at 84 cents, displaying a slight increase in value over the past 24 hours.