PeckShieldAlert has shared details of the month-long research into the Atomic Wallet hack compiled by on-chain researcher ZachXBT and MyCrypto.com founder Taylor Monahan. According to the blockchain security company, the researchers found that the laundering pattern resembles that of North Korea’s Lazarus Group.
PeckShieldAlert took to Twitter to share the insights on the Atomic Wallet drainer:
#PeckShieldAlert @tayvano_ and @zachxbt have researched that the #AtomicWallet Drainer has a laundering pattern resembling that of North Korea’s #Lazarus Group
They have already laundered at least $12M worth of $ETH through the peel chain layering process and bridged them via the… pic.twitter.com/P99cpkyWCp
— PeckShieldAlert (@PeckShieldAlert) June 27, 2023
According to the researchers, the hackers have already laundered $12 million worth of Ether (ETH), the native token of the Ethereum blockchain, through the peel chain layering process and then bridged the funds via the AVAX bridge. They converted the stolen ETH to Bitcoin (BTC) through the decentralized perpetual exchange GMX.
Taylor Monahan tweeted that the magnitude of the Atomic Wallet hack is in the $67 million to $100 million range. Further, in a June 4 tweet, Monahan asked Atomic Wallet to tell its users to move their funds, and to shut down its infrastructure, prevent logins, revoke system access, rotate keys, and seek the services of a professional.
On-chain sleuth ZachXBT initially reported in a June 4 tweet that the single largest victim had lost 2.4 million USDT. That figure was then updated to $3.5 million (1,897 ETH) and finally peaked at 7.95M USDT, alongside multiple other six-figure losses on various blockchains. In a tweet, ZachXBT shared further details of Taylor Monahan's observations along with the initial list of addresses holding stolen funds.
Notably, Taylor Monahan stated in a June 4 tweet that the earliest transaction date is June 2, 2023. The crypto entrepreneur also described how the on-chain drains worked: first, each token and its base asset were swept from the victim's address to a new address.
Then, the hacker swapped all the tokens for the base asset via decentralized crypto exchanges such as Uniswap, MM Swaps, SunSwap, etc. Finally, the hacker swept the balance of the base asset in question to another new address. Monahan also shared details in a tweet of the addresses that had their funds stolen.
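The three-step drain Monahan describes (sweep to a new address, swap tokens for the base asset, sweep the base asset to another new address) can be matched against an exported transfer log. The sketch below is an example added here, not code from the researchers; the event fields, addresses and amounts are constructed, "new" means unseen earlier in the supplied log, and fees are absorbed by a tolerance.

```python
# Constructed sample ledger in time order; addresses and amounts are made up.
# The event fields (kind, src, dst, asset, amt, out, out_amt) are hypothetical.
EVENTS = [
    {"kind": "transfer", "src": "victim1", "dst": "hopA", "asset": "USDT", "amt": 500.0},
    {"kind": "transfer", "src": "victim1", "dst": "hopA", "asset": "ETH", "amt": 2.0},
    {"kind": "swap", "src": "hopA", "dst": "dex", "asset": "USDT", "amt": 500.0,
     "out": "ETH", "out_amt": 0.25},
    {"kind": "transfer", "src": "hopA", "dst": "hopB", "asset": "ETH", "amt": 2.25},
    {"kind": "transfer", "src": "exchange", "dst": "user2", "asset": "ETH", "amt": 1.0},
    {"kind": "transfer", "src": "user2", "dst": "exchange", "asset": "ETH", "amt": 0.5},
]

def first_seen(events):
    """Map each address to the index of the first event that mentions it."""
    seen = {}
    for i, e in enumerate(events):
        for addr in (e["src"], e["dst"]):
            seen.setdefault(addr, i)
    return seen

def trace_drain(events, victim, base="ETH", tol=0.01):
    """Return the hop and final addresses if the victim's outflow fits the pattern."""
    seen = first_seen(events)
    for i, e in enumerate(events):
        # Step 1: victim funds land on an address with no earlier activity.
        if e["kind"] != "transfer" or e["src"] != victim or seen[e["dst"]] != i:
            continue
        hop, base_in, tokens, swapped = e["dst"], 0.0, set(), set()
        for j, f in enumerate(events[i:], start=i):
            if f["kind"] == "transfer" and f["src"] == victim and f["dst"] == hop:
                if f["asset"] == base:
                    base_in += f["amt"]
                else:
                    tokens.add(f["asset"])
            elif f["kind"] == "swap" and f["src"] == hop and f["out"] == base:
                # Step 2: tokens are sold for the base asset at the hop address.
                swapped.add(f["asset"])
                base_in += f["out_amt"]
            elif (f["kind"] == "transfer" and f["src"] == hop and f["asset"] == base
                  and seen[f["dst"]] == j and abs(f["amt"] - base_in) <= tol * base_in):
                # Step 3: the whole base balance moves on to another new address.
                return {"hop": hop, "final": f["dst"], "swapped": sorted(swapped),
                        "unswapped": sorted(tokens - swapped), "base_out": f["amt"]}
    return None

if __name__ == "__main__":
    print(trace_drain(EVENTS, "victim1"))  # matches the pattern
    print(trace_drain(EVENTS, "user2"))    # ordinary deposit to a known address
```

A match gives an analyst the next address to follow; a non-empty `unswapped` list points to tokens still sitting at the hop address.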