Share this article
Atomic Wallet Hackers Move Stolen Funds via OFAC-Sanctioned Exchange Garantex: Elliptic
The attackers are believed to be the infamous North Korean hacker group Lazarus, as per blockchain security firm Elliptic.
Updated Jun 13, 2023, 3:07 p.m. Published Jun 13, 2023, 8:16 a.m.
Attackers behind earlier this month’s $35 million exploit of crypto wallet Atomic Wallet are moving stolen funds via OFAC-sanctioned exchange Garantex, blockchain security firm Elliptic said Tuesday.
Elliptic investigators believe Atomic Wallet was hacked by the infamous North Korean hacking group Lazarus, as previously reported.
STORY CONTINUES BELOW
Last year, the Office of Foreign Assets Control (OFAC) of the U.S. Treasury sanctioned Garentex, stating the exchange had lax anti-money laundering measures and that it allowed “illicit players” to freely move money using the service. However, Garantex continues to operate.
Elliptic security researchers said in a tweet on Tuesday that several crypto exchanges have already frozen addresses related to the Atomic Wallet hack, but some funds have found their way to Garantex.
After a significant and successful cross-community effort between @elliptic, many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC... pic.twitter.com/5Lk9DeGjr8
— Elliptic Investigations (@Elliptic_Inv) June 12, 2023
These funds were previously exchanged via the on-chain trading tool 1inch, transferred to Garantex, and then traded for bitcoin . The bitcoin was then laundered through Sinbad, a bitcoin mixer service allegedly used by North Korean hacking groups.
Nearly $35 million worth of various tokens were stolen from Atomic Wallet, a centralized storage and wallet service, on June 3. These tokens include bitcoin , ether , tether , , , BNB coin and Polygon's MATIC.
Atomic Wallet said at the time that the impacted users represented “less than 1% of its monthly active users.” Investigations were ongoing as of June 8.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Coinbase Expands Reach of Stablecoin-Based AI Agent Payments Tool
The updated protocol, x402 V2, allows developers to combine payments, enable secure wallet access, and add new features via a clean, modular design.
What to know:
- Coinbase has released the latest version of its stablecoin-based payments protocol for AI agents, making it easier to extend and plug in the autonomous payments system.
- The new version adds wallet-based identity, automatic API discovery, dynamic payment recipients, and support for more chains and fiat.
Top Stories
