Share this article
Atomic Wallet Hackers Move Stolen Funds via OFAC-Sanctioned Exchange Garantex: Elliptic
The attackers are believed to be the infamous North Korean hacker group Lazarus, as per blockchain security firm Elliptic.
Updated Jun 13, 2023, 3:07 p.m. Published Jun 13, 2023, 8:16 a.m.
In this article
Attackers behind earlier this month’s $35 million exploit of crypto wallet Atomic Wallet are moving stolen funds via OFAC-sanctioned exchange Garantex, blockchain security firm Elliptic said Tuesday.
Elliptic investigators believe Atomic Wallet was hacked by the infamous North Korean hacking group Lazarus, as previously reported.
STORY CONTINUES BELOW
Last year, the Office of Foreign Assets Control (OFAC) of the U.S. Treasury sanctioned Garentex, stating the exchange had lax anti-money laundering measures and that it allowed “illicit players” to freely move money using the service. However, Garantex continues to operate.
Elliptic security researchers said in a tweet on Tuesday that several crypto exchanges have already frozen addresses related to the Atomic Wallet hack, but some funds have found their way to Garantex.
After a significant and successful cross-community effort between @elliptic, many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC... pic.twitter.com/5Lk9DeGjr8
— Elliptic Investigations (@Elliptic_Inv) June 12, 2023
These funds were previously exchanged via the on-chain trading tool 1inch, transferred to Garantex, and then traded for bitcoin . The bitcoin was then laundered through Sinbad, a bitcoin mixer service allegedly used by North Korean hacking groups.
Nearly $35 million worth of various tokens were stolen from Atomic Wallet, a centralized storage and wallet service, on June 3. These tokens include bitcoin , ether , tether , , , BNB coin and Polygon's MATIC.
Atomic Wallet said at the time that the impacted users represented “less than 1% of its monthly active users.” Investigations were ongoing as of June 8.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Stripe-Backed Blockchain Tempo Starts Testnet; Kalshi, Mastercard, UBS Added as Partners
Tempo, built by Stripe and Paradigm, has started testing payment-focused blockchain and has onboard a slew of institutional partners.
What to know:
- Stripe and Paradigm’s Tempo blockchain has launched its public testnet for real-world payment testing.
- Kalshi, Klarna, Mastercard and UBS are among a wave of new institutional partners now involved in the project.
- Tempo aims to offer low-cost, fast-settlement infrastructure for global payments as stablecoin adoption is accelerating globally.
Top Stories
