North Korean hackers linked to Atomic Wallet crypto hack
Crypto researchers say North Korean state-backed hackers are likely behind a recent hack on Atomic Wallet customers, resulting in millions of dollars in estimated losses.
Estonia-based Atomic Wallet is a non-custodial decentralized wallet, which means users are responsible for the assets they store. The company, which supports over 500 coins and tokens, including Bitcoin and Ethereum, claims more than five million users of its software worldwide.
Atomic confirmed on June 3 that it had received reports of compromised wallets and had begun investigating the issue. An update posted on June 5 said that less than 1% of its monthly users — thought to be around 50,000 individuals — appeared to be affected by the hack. According to the self-styled on-chain sleuth @ZachXBT, hackers stole an estimated $35 million in various cryptocurrencies, with just one victim losing almost 10% of the stolen total.
For its part, Atomic hasn’t said how many users are affected or how much money might have been stolen, nor has it said who might be behind the attack. Atomic did not respond to TechCrunch’s questions.
However, blockchain analysis firm Elliptic said this week that it assesses with a “high level of confidence” that the North Korea-backed hackers known as the Lazarus Group are behind the Atomic Wallet hacks. Its analysis of the hack said the laundering of the stolen crypto assets followed “a series of steps that exactly match those employed to launder the proceeds of past hacks perpetrated by Lazarus Group.”
Elliptic also discovered that the hackers are laundering the stolen assets through Sinbad, a crypto mixer that allows owners to conceal the source of their crypto funds. Elliptic said Sinbad, believed to be a rebrand of the sanctioned Blender.io mixer, was previously used to launder the proceeds of past hacks perpetrated by the Lazarus Group.
In May 2022, the U.S. Treasury sanctioned Blender.io, warning that the service was being used by North Korea to “support its malicious cyber activities and money-laundering of stolen virtual currency.” Treasury officials said at the time that the Lazarus Group used the mixer to launder more than $20 million worth of the $625 million in cryptocurrency it stole from the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity.
@ZachXBT noted that the laundering patterns seen in the Atomic Wallet hacks are similar to those observed last year in the Ronin Network hack, and the theft of $100 million in cryptocurrency from Harmony Horizon Bridge.
It’s not yet known how Atomic was compromised, and it’s unclear if affected users will be compensated.
Atomic said in its latest update that the company “is committed to helping as many victims of the recent exploit as possible” and has engaged third parties to help “trace stolen funds and liaise with exchanges and authorities.”
In May, U.S. officials announced new sanctions against North Korea related to its army of illicit IT workers that have fraudulently gained employment to finance the regime’s weapons of mass destruction programs. It warned that these “highly skilled” workers secretly worked in various positions and industries, mainly on cryptocurrency projects, to launder illicitly obtained funds back to the North Korean government.