Rain cryptocurrency exchange experienced a potential exploit on April 29, which transferred approximately $14.1 million worth of various cryptocurrencies to a new wallet under suspicious circumstances, according to a May 13 report from on-chain analyst ZachXBT.
ZachXBT shared the information via their Telegram channel, noting that the exploit occurred on April 29. It entailed suspicious outflows from Rain’s Bitcoin (BTC), Ethereum (ETH), Solana (SOL), and XRP wallets. Funds from these wallets were swiftly transferred to instant exchanges, exchanged for Bitcoin and Ethereum, and then transferred to two addresses on the Bitcoin and Ethereum networks.
ZachXBT Uncovers Suspicious Outflows from Rain Exchange Following April 29 Exploit
The Ethereum address, with the ending suffix “6c28,” currently holds approximately 1,881 ETH, valued at $5.5 million. Meanwhile, the Bitcoin address ending in “prp2” holds 137.9 BTC, valued at $8.6 million.
Arkham Intelligence data reveals that the Ethereum destination address received its funds from an address ending in “d609,” which, in turn, received the funds from various Bitgo multi-signature wallets. Arkham has not explicitly attributed these wallets to Rain, however.
Although these wallets have not been explicitly identified as belonging to Rain, they were involved in sending over 590 ETH ($1.7 million), approximately 20 billion Shiba Inu ($481,000), 12,500 Chainlink ($169,000), $240,000 Tether (USDT), and $500,000 USD Coin (USDC). These tokens were promptly swapped for ETH on Uniswap. Additionally, the Uniswap account received funds from a Binance hot wallet.
Rain, a centralized crypto exchange based in Bahrain, primarily serves customers in Southwest Asia and the Middle East. Since its establishment, Rain has facilitated trading volumes exceeding $1 billion, according to regional news outlet The National.
The exchange’s “pro” version has been intermittently down since May 5, according to Rain’s website, however.
In 2023, Rain obtained approval from Abu Dhabi‘s financial regulator to operate as a virtual asset brokerage and custody service provider.
ZachXBT Alleges Lazarus Group’s Crypto Laundering
In recent posts, ZachXBT has made other substantial claims, including allegations that North Korea’s Lazarus Group laundered $200 million worth of cryptocurrency into fiat currency over a four-year period.
According to ZachXBT’s analysis, at least $44 million worth of stolen crypto has been laundered through Paxful and Noones, utilizing two usernames, “EasyGoatfish351” and “FairJunco470,” which exhibited deposits and trading volumes corresponding to the stolen funds.
1/ How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020 – 2023https://t.co/s8zNFwlamb
— ZachXBT (@zachxbt) April 29, 2024
The stolen funds were reportedly converted into Tether (USDT) stablecoin before being exchanged for cash and withdrawn. The Lazarus Group has historically relied on China-based over-the-counter traders for crypto-to-fiat conversions.
Additionally, ZachXBT reported that a holder of Bored Ape Yacht Club tokens fell victim to a phishing attack, losing three rare NFTs – BAYC #7531, BAYC #6736, and BAYC #2100.
Crypto investors lost $2 billion to hacks and exploits in the crypto industry last year, and an additional $333 million was stolen in the first quarter of this year.
Read the full article here