Blockchain experts Elliptic have named the Lazarus group as the perpetrators of the theft of USD $35M in cryptocurrency as a result of the recent Atomic Wallet hack.

Elliptic have been tracking the stolen funds and their movements across wallets, mixers, and other laundering pathways to see where the stolen crypto funds end up – and the signs all point to North Korea.

The attack on Atomic Wallet occurred last weekend when numerous users reported that their wallets had been compromised and their funds stolen.

What is Atomic Wallet?

Atomic Wallet is a mobile and desktop cryptocurrency wallet which allows users to store various cryptocurrencies. The wallet is available for multiple operating systems, including Windows, Android, iOS, macOS, and Linux.

On June 3rd, Atomic Wallet tweeted that they had started to receive reports of compromised wallets and had begun investigating the issue.

https://twitter.com/AtomicWallet/status/1665550651735023616?s=20
Atomic Wallet tweets about hack

Crypto-analyst ZachXBT calculated the losses to be over USD$35 million, with the largest single victim losing almost 10% of the stolen total.

Funding N. Korea missile program

In June last year, the FBI attributed to Lazarus the Harmony Horizon Bridge hack, which resulted in the theft of USD$100M, as well as the March 2022 hack of Axie Infinity, from which the North Koreans siphoned USD$620 million in cryptocurrency.

The latest attack on Atomic Wallet shows that the threat actors remain focused on monetary gain, with the proceeds, experts have said, directly used to fund North Korea’s weapons development program.

A number of items point to the attack being the fruits of Lazarus’s labour.

The first piece of evidence is the observed laundering strategy, which matches patterns seen in previous attacks by Lazarus.

The second piece of evidence is the use of the Sinbad mixer for laundering the stolen funds, which the Lazarus group used in the Harmony Horizon Bridge hack.

The third and most significant piece of evidence of Lazarus’ wrongdoings is that a substantial portion of the stolen cryptocurrency ended up in wallets that hold the proceeds of previous Lazarus hacks and are assumed to belong to group members.