Elliptic Investigations

Following the release of our research linking Huione Guarantee and Huione Pay to the laundering of proceeds of online scams, Tether has blacklisted a TRON address belonging to Huione Pay, freezing $29.6 million. TNVaKWQzau7xL9bcnvLmF9KSEQkWEs4Ug8

Based on the $PLA market price at the time of the thefts, the total value of stolen tokens is $290 million. However, prior to the breaches the circulating supply was only ~577 million, and it's unlikely the hacker could realise anything close to this amount.

A further 1.59 billion $PLA tokens have been stolen from @playdapp_io - by the same exploiter who minted 200 million on Friday: elliptic.co/blog/crypto-ga…

@CarlaRamre83350 Yes absolutely! The above tactics are totally useless against clients who make use of our holistic screening capability for their transaction monitoring. elliptic.co/solutions/holi…

@Elliptic_Inv So do you think you can still track and label the new hacker adress?

1/7 The deployment of these contracts is interesting. Not only does it point to further confluence between the laundering of this hack and the Harmony hack (they did the same back in February) - it shows the importance of taking a holistic approach to transaction monitoring...

7/7 These two tactics, swapping assets and layering complex transactions, are just two examples of typologies we have observed recently associated with Lazarus. To find more about other typologies read our newly-released Typologies Report here. elliptic.co/resources/elli…

6/7 After the swapping assets, Lazarus have moved through a large number of complex hops (splitting and reconsolidating), again a deliberate attempt to obfuscate their source of funds, before bridging their assets to Avalanche through the Avalanche Bridge.

@BradyDale @tayvano_ @zachxbt @elliptic We're aware of reported losses that total more than $100 million twitter.com/Elliptic_Inv/s…

@tayvano_ @zachxbt @elliptic You're saying it's somewhere between $67 and $100M lost just on Atomic Wallet?

Yes, it's still getting bigger. The list @zachxbt and I have been compiling is @ $67m. The list @elliptic has is @ $100m. There's some overlap in data but it's not the same data. Meanwhile, Atomic Wallet still can't be bothered to update the folks they've rekt. 🤬

This includes 10 addresses that have lost more than $1M, and 164 that have lost more than $100k. The median loss is $2.8k

Reported losses from the @AtomicWallet hack are now over $100 million hub.elliptic.co/analysis/north…

@elliptic @AtomicWallet Funds withdrawn as BTC continue to be laundered through Sinbad(Blender?).io.

After a significant and successful cross-community effort between @elliptic, many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC...

..and another TRON account tronscan.org/#/address/TUrm…

Atomic Wallet hack funds have just been swapped for USDT and bridged to TRON tronscan.org/#/address/THfk…

@CoinDesk @baydakova Affected users can reach out to @AtomicWallet at support@atomicwallet.io - information will then be passed to the relevant parties for further investigation.

Atomic Wallet may have been breached by hackers tied to the North Korean Lazarus Group, research firm Elliptic said in a blog post. @baydakova reports trib.al/A6KSzuj

@Thomas_Hunter11 @AtomicWallet Please reach out to @AtomicWallet at support@atomicwallet.io and they will pass the details to the relevant parties for investigation.

@Elliptic_Inv @AtomicWallet My wallet was also drained. BTC hasn't moved since then. bitcoin.atomicwallet.io/tx/2b5fd8df9d3…

The $35 million stolen from @AtomicWallet users is being laundered through Sinbad - the mixer fka(?) Blender and used heavily by NK's Lazarus Group hub.elliptic.co/analysis/35-mi…