North Korean Gang Lazarus May Be behind Atomic Wallet Hack

Blockchain analysts from Elliptic believe that the recent attack on cryptocurrency wallets Atomic Wallet is the work of the North Korean group Lazarus. The researchers say the victims lost between $35 million and $50 million in cryptocurrencies.

The attack on Atomic Wallet took place last weekend and was discovered after users began to complain in large numbers about the loss of funds.

Then the famous blockchain researcher ZachXBT reported that the attacks began on June 2, and during these hacks more than $ 35 million in cryptocurrencies were stolen, including BTC, ETH, Tron, BSC, ADA, Ripple, Polkadot, Cosmos, Algo, Avax, XLM, LTC and Doge. ZachXBT later admitted that the total damage would exceed $50 million.

As experts from Elliptic now write, their analysis indicates the involvement of the Lazarus hack group in the incident. This appears to be their first major cryptocurrency heist of 2023.

Let me remind you that in the past, such large-scale incidents as the hacking of the Harmony Horizon cross-chain bridge in 2020, as well as the attack on the Ronin sidechain and the hacking of the NFT game Axie Infinity in 2022, were associated with the activity of Lazarus, during which hackers stole more than 600 million dollars. Also the media wrote about the fact that the North Korean Group Lazarus Attacks Energy Companies.

The Atomic Wallet attack shows that the attackers are still pursuing financial gain, and the stolen funds are being used to fund North Korea’s weapons program, experts say.

Elliptic identified a large number of victim wallets, which made it possible to trace the stolen funds. Analysis of the transactions allows a high degree of certainty to attribute this hack to the North Korean group Lazarus.Elliptic analysts write.

The company’s report reveals that the first piece of evidence pointing to Lazarus is a strategy to launder stolen assets, which is consistent with the patterns the researchers have observed previously.

Atomic Wallet and Lazarus

The second evidence is the use of the Sinbad cryptocurrency mixer to launder stolen funds, which the group also used after the Harmony Horizon bridge was hacked. Elliptic has previously said that tens of millions of dollars have passed through Sinbad, stolen by North Korean hackers, who clearly demonstrate trust in this service.

The third and most important piece of evidence that Lazarus was involved in the attack on Atomic Wallet is the fact that a significant amount of the stolen cryptocurrency eventually ended up in wallets where the proceeds from previous Lazarus hacks are stored and which allegedly belong to members of the group.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button