Hackers who targeted Atomic Wallet earlier this month are laundering large sums of stolen XRP through centralized exchanges, on-chain data shows.
- according to xrpforensics on Twitter, the hackers began “heavily laundering funds,” on Monday, spawning new blockchain addresses to avoid blocklists established by crypto exchanges.
- “We’re monitoring and working closely with exchanges to try and seize as much as possible,” said the team.
- At least 280,000 XRP were sent to Binance, with over 200,000 additional units sent to KuCoin, WhiteBit, OKEx, and Huobi Global. The forensics team also suspects that some funds are moving through MEXC.
- On Wednesday, the account noted how funds were “leaking” through the decentralized bridge, Orbit, through which another 3 million XRP were quickly laundered.
- Blockchain forensics experts at Elliptic suspect that the North Korean Lazarus group may have been connected to the Atomic Wallet hack, which stole $35 million from users earlier this month.
- Lazarus has a history of using blockchain bridges to launder their stolen funds. On Tuesday, crypto tracking platform MistTrack found that the hackers moved hundreds of stolen Ether (ETH) through the cross-chain liquidity protocol THORChain, converting their assets into Bitcoin (BTC).
- Hackers also appear to have used the Russian crypto exchange Garantex to liquidate their assets – a platform sanctioned by the US Treasury Department’s Office of Foreign Assets Control (OFAC).