- On-chain data has shown millions of XRP stolen in an Atomic Wallet hack leaking to exchanges.
- Binance received at least 280,000 XRP and over 200,000 tokens to KuCoin, WhiteBit, OKX, and Huobi Global. Some moved through MEXC.
- Forensics experts and CEXes are working together to freeze as many assets connected to the exploit as possible.
Atomic Wallet hackers have been spotted laundering huge sums of Ripple (XRP) tokens through centralized exchanges (CEXes). The news follows a report by XRP Forensics. Meanwhile, the remittance token is among the altcoins enjoying the Bitcoin optimism after BTC breached $30,000 on June 21.
Atomic Wallet hackers discovered shipping millions of XRP
Atomic Wallet exploiters have been discovered moving huge loads of illegally acquired XRP tokens through exchanges. According to recent insights by XRP Forensics, Binance, KuCoin, WhiteBit, OKEx, Huobi Global, and MEXC are some of the CEXes that have provided getaway avenues for the looters.
XRP Forensics is a team of dedicated forensics experts serving to prevent and counter financial crime on the XRP Ledger (XRPL). According to the team, the exploiters started moving the funds on Monday, generating new blockchain addresses in a strategy meant to circumvent blocklists established by crypto exchanges.
Cycling through exchanges to find new possible places to get rid of stolen XRP. Been through KuCoin, Huobi, WhiteBIT, SWFT, HitBTC and others, and now have had luck at what we believe is MEXC . Notice the small bites most recently on the chart. They still have ~18M left https://t.co/U5OsUMrAaW pic.twitter.com/0f0gsuzdKx
— XRP Forensics (xrplorer.com) (@xrpforensics) June 21, 2023
Based on the report, more than 280,000 XRP tokens were sent to Binance Exchange. Furthermore, upwards of 200,000 Ripple tokens were sent to several other exchanges, including KuCoin, WhiteBit, OKX, and Huobi Global, whose founder has recently sued the exchange he founded. The forensics team also suspects that some funds are moving through MEXC.
The XRP Forensics team also committed to recovering the stolen tokens, revealing a collaboration with the concerned platforms. In their words:
We are monitoring and working closely with exchanges to try and seize as much as possible.
True to their words, more revelations have come to light, with Wednesday reports showing the “leaking” of funds through the decentralized bridge, Orbit, where an additional three million XRP tokens were quickly laundered.
3+ million through this bridge. pic.twitter.com/OMR1FNRhfr
— XRP Forensics (xrplorer.com) (@xrpforensics) June 21, 2023
WhiteBit, one of the exchanges affected by the cyberattack, said in a statement on June 30 that it has blocked 700 addresses which may be linked to malicious transactions and that it was able to freeze part of the stolen funds, without specifying the amount.
Atomic Wallet hackers alleged connection to North Korean Lazarus group
Atomic Wallet hackers have been linked to the infamous North Korean Lazarus group, with blockchain forensics experts at Elliptic tracing up to $35 million to a coin mixer that the Lazarus Group often uses to launder crypto assets. Notably, the stolen funds were being swapped for Bitcoin (BTC) before being laundered through ‘Sinbad.io.’
The Lazarus Group is notorious for leveraging blockchain bridges to move stolen funds. In a recent finding, MistTrack discovered this group of exploiters laundering 503.08 Ethereum (ETH), also stolen via THORChain, a cross-chain liquidity protocol. Like in the Elliptic case, the hackers are still converting their loot to BTC.
For example:
— MistTrack️ (@MistTrack_io) June 20, 2023
According to @MistTrack_io monitoring, the hacker address (0xad3c...1e44) transferred 503.08 $ETH to @THORChain in the last two days and swap for $BTC, then bridged to the BTC address (bc1q...k2xm). pic.twitter.com/Y0N7uptxg7
The group also used SwftCoin to bridge Ether to multiple Bitcoin addresses. The Russian crypto exchange Garantex has also been cited among the avenues used to liquidate the Lazarus Group’s assets despite the platform being commissioned by the Office of Foreign Assets Control (OFAC) operating under the US Treasury Department.
After a significant and successful cross-community effort between @elliptic, many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC... pic.twitter.com/5Lk9DeGjr8
— Elliptic Investigations (@Elliptic_Inv) June 12, 2023
The switch to Garantex came as several crypto exchanges came together to freeze funds related to the hack.
(This story was updated on June 30 to add WhiteBit's action after the cyberattack.)
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.
Recommended Content
Editors’ Picks
Crypto Today: Bitcoin is less than 10% away from all-time high as Ethereum ETF approval anticipation brews
Bitcoin trades around $68,000 early on Monday, less than 10% away from its all-time high of $73,777 on Binance. Ethereum ETF anticipation brews among traders and Ether investment products see inflow of over $45 million in the past week.
Ripple lawsuit settlement likely soon, says Brad Garlinghouse, XRP hovers around $0.60
Ripple (XRP) trades around a key psychological level of $0.60, early on Monday. The altcoin recently made headlines for its highest weekly gain of 2024, over 40%. XRP sustained nearly 21% of the gains from the last seven days.
Solana could cross $200 if these three conditions are met
Solana’s total value locked climbs 18% in July to $5.38 billion, as seen on DeFiLlama. Solana sustains over 20% gains in the past seven days, corrects nearly 3% on Monday. Active addresses and new address count in the Solana network have increased throughout July.
ALT, WLD, ENA, ID set for $200 million token unlocks next week
The crypto market is set to experience another wave of token unlocks next week, with Altlayer (ALT), Worldcoin (WLD), Ethena (ENA), and Space ID (ID) set for a combined token unlock worth about $200 million.
Bitcoin: Will BTC continue its bullish momentum?
Bitcoin (BTC) price increased by 5.5% this week until Friday after breaking above a descending trendline. Currently, it is trading slightly higher by 0.23% at $64,166.