Connect with us


Atomic Wallet hackers launder millions of stolen XRP tokens through centralized exchanges



  • On-chain data has shown millions of XRP stolen in an Atomic Wallet hack leaking to exchanges.
  • Binance received at least 280,000 XRP and over 200,000 tokens to KuCoin, WhiteBit, OKX, and Huobi Global. Some moved through MEXC.
  • Forensics experts and CEXes are working together to freeze as many assets connected to the exploit as possible.

Atomic Wallet hackers have been spotted laundering huge sums of Ripple (XRP) tokens through centralized exchanges (CEXes). The news follows a report by XRP Forensics. Meanwhile, the remittance token is among the altcoins enjoying the Bitcoin optimism after BTC breached $30,000 on June 21.

Atomic Wallet hackers discovered shipping millions of XRP

Atomic Wallet exploiters have been discovered moving huge loads of illegally acquired XRP tokens through exchanges. According to recent insights by XRP Forensics, Binance, KuCoin, WhiteBit, OKEx, Huobi Global, and MEXC are some of the CEXes that have provided getaway avenues for the looters.

XRP Forensics is a team of dedicated forensics experts serving to prevent and counter financial crime on the XRP Ledger (XRPL). According to the team, the exploiters started moving the funds on Monday, generating new blockchain addresses in a strategy meant to circumvent blocklists established by crypto exchanges. 

Based on the report, more than 280,000 XRP tokens were sent to Binance Exchange. Furthermore, upwards of 200,000 Ripple tokens were sent to several other exchanges, including KuCoin, WhiteBit, OKX, and Huobi Global, whose founder has recently sued the exchange he founded. The forensics team also suspects that some funds are moving through MEXC. 

The XRP Forensics team also committed to recovering the stolen tokens, revealing a collaboration with the concerned platforms. In their words:

We are monitoring and working closely with exchanges to try and seize as much as possible.

True to their words, more revelations have come to light, with Wednesday reports showing the “leaking” of funds through the decentralized bridge, Orbit, where an additional three million XRP tokens were quickly laundered. 

Atomic Wallet hackers alleged connection to North Korean Lazarus group

Atomic Wallet hackers have been linked to the infamous North Korean Lazarus group, with blockchain forensics experts at Elliptic tracing up to $35 million to a coin mixer that the Lazarus Group often uses to launder crypto assets. Notably, the stolen funds were being swapped for Bitcoin (BTC) before being laundered through ‘’

The Lazarus Group is notorious for leveraging blockchain bridges to move stolen funds. In a recent finding, MistTrack discovered this group of exploiters laundering 503.08 Ethereum (ETH), also stolen via THORChain, a cross-chain liquidity protocol. Like in the Elliptic case, the hackers are still converting their loot to BTC

The group also used SwftCoin to bridge Ether to multiple Bitcoin addresses. The Russian crypto exchange Garantex has also been cited among the avenues used to liquidate the Lazarus Group’s assets despite the platform being commissioned by the Office of Foreign Assets Control (OFAC) operating under the US Treasury Department.  

The switch to Garantex came as several crypto exchanges came together to freeze funds related to the hack.