Atomic Wallet Attackers Funnel Part Of $35 Million Loot Through Sanctioned Garantex Exchange


  • The hackers suspected to be North Korea’s Lazarus group moved stolen funds from Atomic Wallet through Garantex, Elliptic reported.
  • Atomic Wallet was hacked of several cryptos including BTC, ETH, USDT, DOGE, LTC, BNB, and MATIC to the tune of $35 million.
  • Lazarus hackers swapped a portion of the stolen funds to BTC using 1inch and Garantex before laundering the assets through crypto tumbler Sinbad.

The hackers behind this month’s $35 million attack on crypto wallet Atomic Wallet moved some of the stolen funds to Garantex, a crypto exchange sanctioned by the Office of Foreign Assets Control (OFAC).

Atomic Wallet Hacked, $35 Million In Bitcoin And Cryptos Stolen

On June 3, hackers believed to be part of the notorious North Korean cyberterrorist group Lazarus stole several crypto assets from Atomic Wallet. The stolen assets including Bitcoin (BTC), Ether (ETH), Tether (USDT), BNB, Dogecoin (DOGE), Litecoin (LTC), and Polygon (MATIC) were worth around $35 million.

The wallet provider said the attack affected less than 1% of its monthly active users and investigations were ongoing to identify the exploit vector. 

Lazarus hackers leveraged decentralized trading service 1inch before sending the stolen assets to OFAC-sanctioned Garantex. The exchange which still operates today was blacklisted by the OFAC for its loose anti-money laundering systems in 2022.

According to Elliptic researchers, the hackers used Garantex to swap the funds for BTC and then sent the assets to crypto tumbler Sinbad for laundering. The hackers were forced to take this route after crypto exchanges froze addresses tied to the Atomic Wallet hack thanks to a “cross-community effort”.

Atomic Wallet Exploiter Locks ETH In Non-Withdrawable Contracts

In a bizarre move, the Atomic Wallet exploiter created 0x/null contracts and deposited ETH worth around $40,000 at current prices. The reason behind the move is unclear as it is impossible to withdraw funds from these 0x/null smart contracts. Coinbase Director Conor Grogan tracked the activity and alerted the crypto Twitter community on Tuesday.