Elliptic Atomic Wallet hackers now using Garantex, which is under OFAC sanctions.

Illicit funds obtained from the $35 million Atomic Wallet hack are once again being transferred, with the Russian-based crypto exchange Garantex, which is under sanctions, reportedly becoming the latest to come in contact with the stolen crypto.

On June 13, Elliptic, a blockchain security and compliance firm, provided an update on the situation regarding the stolen Atomic Wallet funds. It alleges that the North Korean hacking group, the Lazarus Group — which it believes is behind the attack — has used sanctioned Russian-based crypto exchange Garantex to launder the stolen crypto.

In a tweet, the firm stated that there had been a significant and successful cross-community effort between Elliptic and many exchange partners to freeze the stolen crypto. However, Lazarus has now found other means to trade its assets for Bitcoin ( BTC ).

After a significant and successful cross-community effort between @elliptic , many of our exchange partners and friends to freeze stolen @AtomicWallet funds, Lazarus have now turned to OFAC-sanctioned Exchange, Garantex, to trade their assets for BTC… pic.twitter.com/5Lk9DeGjr8

— Elliptic Investigations (@Elliptic_Inv) June 12, 2023

The U.S. Office of Foreign Assets Control (OFAC) sanctioned Garantex and the Russian Hydra dark web marketplace in April 2022.

Garantex was founded in late 2019 and originally registered in Estonia before moving the majority of its operations to Moscow, the Treasury Department noted at the time.

“Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets,” it added.

Earlier this month, Cointelegraph reported that the stolen funds were being channeled through the Sinbad.io mixer , a service frequently used by the Lazarus Group.

Elliptic added that the hackers continue to obfuscate the funds withdrawn from Garantex through the Sinbad.io mixer.

The Treasury Department also sanctioned Blender.io (the former iteration of Sinbad.io) in May 2022, warning that the service was being used by North Korea to “support its malicious cyber activities and money-laundering of stolen virtual currency.”

Related: OFAC sanctions OTC traders who converted crypto for North Korea’s Lazarus group

On June 3, a number of Atomic Wallet user accounts were compromised, resulting in losses of up to $35 million in digital assets.

Five days later, Atomic stated that it had engaged blockchain security and analyst company Chainalysis as the leading incident investigator. Cointelegraph reached out to Chainalysis for an update on the investigation, but a spokesperson said they couldn’t comment on the Atomic Wallet case.

The notorious North Korean hacking group has been linked to several major crypto exploits in the past year, including the Harmony Bridge hack and the Ronin Bridge hack.

Magazine: Huawei NFTs, Toyota’s hackathon, North Korea vs. Blockchain: Asia Express