Atomic Wallet Hack Connected to North Korean Hacking Group Lazurus

Updated: 07 June 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

The recent hack of cryptocurrency storage and management platform, Atomic Wallet, has been linked to the North Korean hacking group, Lazarus. According to a report by cybersecurity firm, Group-IB, the group is believed to be responsible for a number of high-profile cryptocurrency heists, including the infamous 2018 Coincheck hack, which resulted in the loss of over $500 million worth of cryptocurrency.

The most recent breach on Atomic Wallet, led to the theft of users’ digital assets According to ZachXBT, a fictitious blockchain investigator, the theft of many cryptocurrencies, including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), polygon (MATIC), and USDT based on Tron, is thought to have cost roughly $35 million.

Lazarus Group Behind Atomic Wallet Hack

According to blog post by Elliptic, a blockchain compliance analytics business, some of the stolen funds have been converted to Bitcoin and transferred to the cryptocurrency exchange, Sinbad.io. The Lazarus Group, a well-known hacker organization linked to North Korea, is known to use this mixer. Notably, the wallets implicated in the Atomic Wallet attack have connections to wallets linked to previous hacks attributed to the Lazarus Group.”

We’re now confident in attributing the >$35 million Atomic Wallet hack to North Korea’s Lazarus Group: https://t.co/dfSx1iP8Py

— Elliptic Investigations (@Elliptic_Inv) June 6, 2023

In a blog entry published on Tuesday by blockchain intelligence company Elliptic, Lazarus, the notorious North Korean hacking gang, may have targeted Atomic Wallet users.

Lazarus is a North Korean hacker group allegedly supported by the government that stole $1.2 billion from the cryptocurrency market between 2017 and 2022.

The group uses coin mixers to combine Bitcoin payments. Coin mixers allow for the anonymity needed for cryptocurrency transactions by masking the source and destination of the funds.

According to Elliptic’s Investigations Team, Blender.io, a different mixer penalized by the U.S. Treasury Department for laundering more than $100 million in crypto assets taken by the Lazarus Group, is most likely a renamed version of Sinbad.io.

On June 3, Atomic Wallet admitted the breach and stated that the hack impacted less than 1% of its monthly active users. In addition, experts recommend that consumers immediately notify major cryptocurrency exchanges about any unauthorized transfers in order to prevent hackers from swapping their funds. However, Elliptic’s research suggests that it may be too late for some victims, as their funds may have already been mixed and laundered through Sinbad.io.

Atomic Wallet hack funds have just been swapped for USDT and bridged to TRON https://t.co/LU63FROG6X

— Elliptic Investigations (@Elliptic_Inv) June 7, 2023

Atomic Wallet Efforts to Recover Accounts

Earlier this week, Atomic Wallet disclosed that the exploit had affected fewer than 1% of its monthly active customers; however, the community has disputed these claims. Some users have reported losing tokens and transaction data, while others have expressed regret at losing their entire cryptocurrency investments.

Atomic Wallet is a “cold wallet” type of service, meaning that all passwords and data are stored locally on the user’s device rather than on a server, according to the service’s description.

By providing decentralized services, a system like this lowers the risks related to custody or the potential for money loss. However, the most recent hack shows the complexity of security flaws associated with cold wallet-style storage.

To track down and block the stolen funds, Atomic Wallet has collaborated with major exchanges and blockchain analytics firms. However, it has not specified whether law enforcement agencies are involved in the investigation. The platform also needs to identify the exploit’s primary cause.

Additionally, Atomic Wallet has yet to disclose the specifics of its compensation programs to the public.