North Korean Hackers Steal $50 Million in Cryptocurrency from Atomic Wallet
Blockchain analysts from Elliptic believe that the recent attack on cryptocurrency wallets Atomic Wallet is the work of the North Korean group Lazarus. The researchers say the victims lost between $35 million and $50 million in cryptocurrencies.
The attack on Atomic Wallet happened last weekend and was discovered after users began to massively complain about the loss of funds. Then the famous blockchain researcher ZachXBT reported that the attacks began on June 2, and during these hacks more than $ 35 million in cryptocurrencies were stolen, including BTC, ETH, Tron, BSC, ADA, Ripple, Polkadot, Cosmos, Algo, Avax, XLM, LTC and Doge. ZachXBT later admitted that the total damage would exceed $50 million.
Analysis Points to North Korean Group Lazarus
As experts from Elliptic now write, their analysis indicates the involvement of the Lazarus hack group in the incident. This appears to be their first major cryptocurrency heist of 2023.
Let me remind you that in the past, such large-scale incidents as the hacking of the Harmony Horizon cross-chain bridge in 2020, as well as the attack on the Ronin sidechain and the hacking of the NFT game Axie Infinity in 2022, were associated with the activity of Lazarus, during which hackers stole more than 600 million dollars.
The Atomic Wallet attack shows that the attackers are still pursuing financial gain, and the stolen funds are being used to fund North Korea’s weapons program, experts say.
Evidence of Lazarus Involvement
“Elliptic identified a large number of victim wallets, which made it possible to trace the stolen funds,” Ellipti analysts write. “Analysis of the transactions allows a high degree of certainty to attribute this hack to the North Korean group Lazarus.”
The company’s report reveals that the first piece of evidence pointing to Lazarus is a strategy to launder stolen assets, which is consistent with the patterns the researchers have observed previously.
The second evidence is the use of the Sinbad cryptocurrency mixer to launder stolen funds, which the group also used after the H bridge was hacked. Armony Horizon. Elliptic has previously said that tens of millions of dollars have passed through Sinbad, stolen by North Korean hackers, who clearly demonstrate trust in this service.
The third and most important piece of evidence that Lazarus was involved in the attack on Atomic Wallet is the fact that a significant amount of the stolen cryptocurrency eventually ended up in wallets where the proceeds from previous Lazarus hacks are stored and which allegedly belong to members of the group.
Conclusion
The attack on Atomic Wallet is yet another example of the North Korean group Lazarus’ ability to successfully target and steal cryptocurrency. The stolen funds are likely being used to fund North Korea’s weapons program, and the hackers have shown an ability to launder the funds using cryptocurrency mixers. Elliptic’s analysis indicates a high degree of certainty that Lazarus is behind the attack, and the company’s report reveals the evidence that points to the group’s involvement.