{"id":80486,"date":"2023-06-20T13:13:29","date_gmt":"2023-06-20T10:13:29","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=80486"},"modified":"2025-09-11T17:17:02","modified_gmt":"2025-09-11T14:17:02","slug":"hackers-use-thorchain-to-launder-atomic-wallet-assets","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hackers-use-thorchain-to-launder-atomic-wallet-assets\/","title":{"rendered":"Hackers Use THORChain to Launder Atomic Wallet Assets"},"content":{"rendered":"<p>Having compromised the non-custodial wallet <a href=\"https:\/\/u1f987.com\/en\/news\/what-are-custodial-and-non-custodial-crypto-wallets\">\u043d\u0435\u043a\u0430\u0441\u0442\u043e\u0434\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0448\u0435\u043b\u0435\u043a<\/a> Atomic Wallet, attackers transferred 503 ETH to the THORChain platform and swapped the assets for Bitcoin, SlowMist researchers noted.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">?MistTrack Alert?<\/p>\n<p>North Korean hackers are using new methods to launder funds linked to the <a href=\"https:\/\/twitter.com\/AtomicWallet?ref_src=twsrc%5Etfw\">@AtomicWallet<\/a> hack.<\/p>\n<p>Recap?<a href=\"https:\/\/t.co\/IjjbPZ7j1c\">https:\/\/t.co\/IjjbPZ7j1c<\/a><\/p>\n<p>\u2014 MistTrack?\ufe0f (@MistTrack_io) <a href=\"https:\/\/twitter.com\/MistTrack_io\/status\/1671056398384517121?ref_src=twsrc%5Etfw\">June 20, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>From June 2, a number of Atomic Wallet user accounts <a href=\"https:\/\/u1f987.com\/en\/news\/atomic-wallet-hack-losses-exceed-35-million\">were compromised<\/a>.<\/p>\n<p>Experts differed on the extent of the damage. According to Elliptic, its <a href=\"https:\/\/u1f987.com\/en\/news\/atomic-wallet-hack-losses-exceed-100-million\">amount exceeded $100 million<\/a>. The firm counted more than 5,500 affected wallets. As of June 8, SlowMist had identified 333 compromised addresses with total losses of $21.7 million.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/RRQh1Bs--2ze0Xrb9gCY7YIf39f5hQbcem2D3wb-6R1sx7JMxLZJQZfmNwJAlxR8B_xuyO_OJ9T4RYTYwoVKJvCcde3HKBnXZm4aoVxtDA42ZbHcP6uz_oZjOB_-WNwlXtHRK5CsTOOw0HTz2xhH6gw\" alt=\"Hackers used THORChain to launder Atomic Wallet assets\"\/><figcaption class=\"wp-element-caption\">Data: <a href=\"https:\/\/aml.slowmist.com\/events\/atomic_wallet_hacker_statistics\/\">SlowMist<\/a>.<\/figcaption><\/figure>\n<p>Earlier on-chain analysts found that the stolen funds were sent by the hackers to the mixer <a href=\"https:\/\/u1f987.com\/en\/news\/elliptic-atomic-wallet-hacker-sent-assets-to-mixer-used-by-lazarus-group\">Sinbad.io<\/a>, and also to the US-sanctioned Russian <a href=\"https:\/\/u1f987.com\/en\/news\/atomic-wallet-hacker-moves-assets-to-ofac-sanctioned-russian-exchange-garantex\">Bitcoin exchange Garantex<\/a>.<\/p>\n<p>According to SlowMist researchers, the attackers expanded their asset-laundering routes, involving in transactions the multi-chain protocol THORChain and the SWFT Blockchain bridge.<\/p>\n<p>Experts at the firm linked the Atomic Wallet attack to North Korean hackers. Elliptic also noted that Sinbad.io is actively used by the Lazarus Group, a North Korea\u2013linked faction.<\/p>\n<p>Kazakhstan&#8217;s law-enforcement authorities <a href=\"https:\/\/u1f987.com\/en\/news\/atomic-wallet-executives-summoned-for-questioning-by-kazakh-authorities\">have summoned for questioning<\/a> the leadership of Atomic Wallet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The attackers who breached the non-custodial Atomic Wallet transferred 503 ETH to the THORChain platform and swapped the assets for Bitcoin, according to SlowMist.<\/p>\n","protected":false},"author":1,"featured_media":80487,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,57],"class_list":["post-80486","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-wallets"],"aioseo_notices":[],"amp_enabled":true,"views":"32","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/80486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=80486"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/80486\/revisions"}],"predecessor-version":[{"id":80488,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/80486\/revisions\/80488"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/80487"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=80486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=80486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=80486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}