XRP Forensics gives a detailed breakdown of how the Atomic Wallet hackers moved over 22 million XRP from the XRP Ledger (XRPL) to several blockchains.
The recent Atomic Wallet hack, which occurred on June 3, sent shockwaves through the crypto community. The hack also affected the XRP Ledger (XRPL), as previously reported by The Crypto Basic, resulting in the breach of 700 XRPL accounts.
XRP Forensics, the forensics division of the XRPL-based analytical resource xrplorer, has been tracking the movements of the stolen funds and shedding light on the hackers' techniques.
In a recent tweet, XRP Forensics provided an insightful breakdown of how the exploiters moved the ill-gotten gains within the XRPL ecosystem. The tweet revealed a complex web of transactions involving victim accounts, the initial account responsible for the theft, and a central amalgamation account.
This is what the Atomic hack looks like on the XRPL. pic.twitter.com/oquXIaJYuj
— XRP Forensics (xrplorer.com) (@xrpforensics) June 23, 2023
The hackers employed a multi-step process to obfuscate the origins of the stolen funds. Initially, the funds were consolidated into a central amalgamation account.
From that account, the hackers attempted various methods to launder the funds, including transferring them to new accounts and testing several exchanges. These efforts were aimed at avoiding detection and circumventing advisory lists.
Some of the earliest laundering was a bit more chaotic, as they tested several exchanges, ran into walls, tried to move to fresh accounts etc to avoid advisory lists pic.twitter.com/HvhgdBi6lo
— XRP Forensics (xrplorer.com) (@xrpforensics) June 23, 2023
However, the laundering process eventually settled into a more streamlined approach. The funds were moved through the Orbit Chain bridge to the Klaytn blockchain. The bridge facilitated the conversion of XRP to KLAY, the native cryptocurrency of the Klaytn network.
18M+ XRP Moved Via Orbit Chain Bridge
Subsequently, the KLAY was converted to Ethereum (ETH) before being transferred to the Avalanche blockchain. Finally, the hackers swapped the funds to Bitcoin (BTC) and moved them to the Bitcoin network.
XRP Forensics revealed that approximately 14 million XRP had been successfully moved through the bridge as of June 23, 9:49 AM (UTC). However, their investigations indicated that the bridge had stopped with around 1010 XRP remaining.
With only approximately 4 million XRP left, it was anticipated that the hackers would conclude their “cleaning up” operations on the XRPL by the end of the day.
Five hours later, the hackers managed to move a staggering 22.18 million XRP. Of this value, they funneled 18 million XRP through the Orbit Chain bridge.
The implications of this incident prompted XRP Forensics to raise essential questions about the benefits and dangers of bridges on the XRPL and the measures that can be taken to prevent similar points of exit in the future.