The Rain cryptocurrency exchange experienced a potential exploit on April 29, with approximately $14.1 million worth of cryptocurrencies being transferred to a new wallet under suspicious circumstances. The exploit involved suspicious outflows from Rain’s Bitcoin, Ethereum, Solana, and XRP wallets. The funds were transferred to instant exchanges, exchanged for Bitcoin and Ethereum, and ultimately moved to two addresses on the Bitcoin and Ethereum networks. The Ethereum address currently holds 1,881 ETH, valued at $5.5 million, while the Bitcoin address contains 137.9 BTC, valued at $8.6 million. Arkham Intelligence data reveals that the Ethereum address received its funds from an address ending in “d609,” which in turn received funds from various BitGo multi-signature wallets, although these wallets are not explicitly attributed to Rain.
Although the wallets involved in the exploit have not been definitively linked to Rain, they were used to send over 590 ETH, 20 billion Shiba Inu, 12,500 Chainlink, $240,000 in Tether, and $500,000 in USD Coin. These tokens were quickly swapped for ETH on Uniswap, and the Uniswap account received funds from a Binance hot wallet. Rain, a centralized exchange based in Bahrain catering primarily to customers in Southwest Asia and the Middle East, has facilitated trading volumes exceeding $1 billion since its establishment. The exchange’s “pro” version has been intermittently down since May 5, although the reason has not been specified. In 2023, Rain received approval from Abu Dhabi’s financial regulator to function as a virtual asset brokerage and custody service provider.
In addition to the Rain exchange exploit, ZachXBT has made other notable claims, including allegations that North Korea’s Lazarus Group laundered $200 million worth of cryptocurrency into fiat currency over a four-year period. ZachXBT’s analysis suggests that at least $44 million of stolen crypto was laundered through Paxful and Noones using the usernames “EasyGoatfish351” and “FairJunco470,” showing deposits and trading volumes corresponding to the stolen funds. The stolen funds were reportedly converted into Tether stablecoin before being exchanged for cash and withdrawn, with the Lazarus Group historically relying on China-based over-the-counter traders for crypto-to-fiat conversions. Additionally, a holder of Bored Ape Yacht Club tokens fell victim to a phishing attack, losing three rare NFTs in the process.
Overall, the crypto industry saw investors lose $2 billion to hacks and exploits last year, with an additional $333 million stolen in the first quarter of this year. These incidents highlight ongoing challenges within the cryptocurrency space, including vulnerabilities that malicious actors can exploit to steal significant sums of digital assets. The allegations of Lazarus Group’s involvement in laundering stolen funds further underscore the need for enhanced security measures and regulatory oversight to protect investors and prevent illicit activities in the crypto market. The Rain exchange exploit serves as a reminder of the risks associated with centralized exchanges and the importance of due diligence when engaging in cryptocurrency trading and investment activities.