Hackers Funnel $35 Million from Atomic Wallet Attack Through Sanctioned Garantex Exchange

The hackers responsible for this month’s $35 million attack on crypto wallet Atomic Wallet have funneled some of the stolen funds to Garantex, a crypto exchange sanctioned by the Office of Foreign Assets Control (OFAC).

Atomic Wallet Hacked, $35 Million in Bitcoin and Cryptos Stolen

On June 4, hackers believed to be part of the infamous North Korean cyberterrorist group Lazarus stole several crypto assets from Atomic Wallet. The stolen assets, including Bitcoin (BTC), Ether (ETH), Tether (USDT), BNB, Dogecoin (DOGE), Litecoin (LTC), and Polygon (MATIC), were worth around $35 million.

The wallet provider stated that the attack affected less than 1% of its monthly active users and that investigations were ongoing to identify the exploit vector.

Lazarus hackers utilized decentralized trading service 1INCH before sending the stolen assets to OFAC-sanctioned Garantex. The exchange, which still operates today, was blacklisted by the OFAC for its lax anti-money laundering systems in 2022.

According to researchers at Elliptic, the hackers used Garantex to swap the funds for BTC and then sent the assets to crypto tumbler Sinbad for laundering. The hackers were forced to take this route after crypto exchanges froze addresses tied to the Atomic Wallet hack due to a “cross-community effort.”

Atomic Wallet Exploiter Locks ETH in Non-Withdrawable Contracts

In an unusual move, the Atomic Wallet exploiter created 0x/null contracts and deposited ETH worth around $40,000 at current prices. The reason behind the move is unclear, as it is impossible to withdraw funds from these 0x/null smart contracts. COINBASE Director Conor Grogan tracked the activity and alerted the crypto Twitter community on Tuesday.