On April 29, the Rain cryptocurrency exchange encountered a potential breach in which around $14.1 million worth of various cryptocurrencies was transferred to a new wallet under dubious circumstances, according to a May 13 report by on-chain analyst ZachXBT.
ZachXBT relayed this information through their Telegram channel, specifying the breach date as April 29. It involved suspicious withdrawals from Rain’s Bitcoin (BTC), Ethereum (ETH), Solana (SOL), and XRP wallets. These funds were rapidly moved to instant exchanges, converted into Bitcoin and Ethereum, and then forwarded to two addresses on the Bitcoin and Ethereum networks.
ZachXBT Uncovers Suspicious Outflows from Rain Exchange Following April 29 Exploit
The Ethereum address, ending in “6c28,” presently holds around 1,881 ETH, valued at $5.5 million. Concurrently, the Bitcoin address ending in “prp2” contains 137.9 BTC, valued at $8.6 million.
Data from Arkham Intelligence indicates that the Ethereum destination address received its funds from an address ending in “d609,” which, in turn, received funds from various BitGo multi-signature wallets. Although Arkham hasn’t explicitly linked these wallets to Rain, they were involved in transferring over 590 ETH ($1.7 million), about 20 billion Shiba Inu ($481,000), 12,500 Chainlink ($169,000), $240,000 in Tether (USDT), and $500,000 in USD Coin (USDC). These tokens were swiftly exchanged for ETH on Uniswap. Moreover, the Uniswap account received funds from a Binance hot wallet.
Rain, a centralized crypto exchange headquartered in Bahrain, primarily caters to customers in Southwest Asia and the Middle East. According to regional news outlet The National, Rain has facilitated trading volumes surpassing $1 billion since its inception.
However, Rain’s “pro” version has experienced intermittent downtime since May 5, as indicated on Rain’s website.
In 2023, Rain received approval from Abu Dhabi’s financial regulator to operate as a virtual asset brokerage and custody service provider.
ZachXBT Alleges Lazarus Group’s Crypto Laundering
In recent updates, ZachXBT has made significant claims, including an allegation that North Korea’s Lazarus Group laundered approximately $200 million worth of cryptocurrency into fiat currency within a span of four years.
As per ZachXBT’s analysis, at least $44 million worth of pilfered crypto has been laundered through Paxful and Noones, leveraging two usernames, “EasyGoatfish351” and “FairJunco470,” which displayed deposits and trading volumes aligning with the stolen funds.
Reportedly, the stolen assets were converted into Tether (USDT) stablecoin before being swapped for cash and withdrawn. The Lazarus Group has typically relied on China-based over-the-counter traders for crypto-to-fiat conversions.
Furthermore, ZachXBT noted a case where a holder of Bored Ape Yacht Club tokens fell prey to a phishing attack, resulting in the loss of three rare NFTs – BAYC #7531, BAYC #6736, and BAYC #2100.
Last year, crypto investors collectively lost $2 billion to hacks and exploits in the crypto industry, with an additional $333 million stolen in the first quarter of this year.