XRP Forensics released information about the stolen funds’ transition from Atomic Wallet earlier this month.
The detail revealed that the hackers transferred over 22 million tokens from the XRP Ledger (XRPL) to multiple blockchains. The attack on the wallet impacted about 700 XRP accounts on the ledger.
Hackers Used Multiple Crypto Exchanges To Launder Stolen Funds
The XRPL team, the special crypto intelligence provider of XRPL, gave more insight into its findings. The team had kept a close watch on the movement of the stolen funds from Atomic Wallet and the attackers’ activities.
According to its recent tweet, XRP Forensics disclosed that the hackers followed a complex web of transactions to conceal their tracks. The attackers gathered the funds temporarily to a central account from several victims’ accounts.
Further, the hackers devised many processes to launder the funds diverting the attention of regulatory agencies and possible blacklists. They moved some funds to newly created accounts to conceal their track.
Then they transferred the funds to some crypto exchanges such as HitBTC, KuCoin, Huobi, OKX, WhiteBIT, and MEXC platforms.
They also moved the funds from Orbit Chain Bridge to the Klayton blockchain. They converted the XRP coins to KLAY, the Klayton Network’s native crypto token.
Over 18 Million XRP Moved Through Orbit Bridge
Further insight into the activities of the hackers showed how over 18 million XRP were transited through the Orbit Chain Bridge.
After converting the funds into KLAY, the hackers later swapped the tokens to Ethereum (ETH) before moving the ETH tokens to the Avalanche blockchain, from where they further swapped the coins to BTC.
With the funds status still remaining as BTC, the exploiters transferred the tokens to the Bitcoin network.
According to the details from XRP Forensics, the hackers have successfully moved almost 14 million XRP coins through Orbit Bridge as of June 23, by 9:49 AM (UTC).
The report noted that the bridge halted through ‘hold on to your hats,’ with just about 1010 XRP remaining.
However, the hackers have just 4 million XRP tokens left. They could continue their laundering process on the XRPL to completely remove all the stolen funds from view.
The overall activities from the hackers indicated that they laundered up to 22.18 million XRP coins. They used Orbit Bridge to launder about 18 million XRP tokens.
On June 3, Atomic Wallet was attacked due to some vulnerabilities discovered on the wallet.
According to an explanation of the incident on Twitter by Halborn, the technique used in the wallet attack is similar to those often used by the notorious North Korean hacker, the Lazarus Group.
So, the group could be responsible for the attack that drained over $35 million worth of crypto assets from several users.