Lazarus Group, the North Korean state-sponsored hacking organization, has been linked to the recent breach of Atomic Wallet, in which more than $35 million in cryptocurrency was stolen. The attribution comes from Elliptic, a blockchain analytics firm that tracked the movement of the stolen funds across wallets, mixers, and other laundering channels.
The attack unfolded over the weekend as multiple users reported compromised wallets and drained funds. Crypto investigator ZachXBT estimated the losses at more than $35 million, with the largest single victim accounting for nearly 10% of the total.
Yesterday, Elliptic published a report identifying the Lazarus Group as the likely perpetrator, which would make this the group's first major cryptocurrency heist of 2023. The attribution is consistent with the FBI's earlier finding that Lazarus was behind the Harmony Horizon Bridge hack of June 2022, which netted roughly $100 million, and the Axie Infinity hack of March 2022, in which the group stole $620 million in crypto.
Atomic Wallet breach traced back to notorious Lazarus group
The Atomic Wallet breach again shows the group's focus on financial gain; experts believe the proceeds directly fund North Korea's weapons development program. Elliptic says its software identified numerous victim wallets, which allowed it to trace the stolen funds onward, and that this analysis links the hack to the Lazarus Group with high confidence.
Elliptic's first piece of attribution evidence is the laundering strategy used in this attack, which matches the patterns seen in the group's previous heists. The second is the use of the Sinbad mixer to launder the stolen funds, the same service Lazarus used after the Harmony Horizon Bridge hack.
Elliptic has previously reported that North Korean hackers have pushed tens of millions of dollars through Sinbad, which points to their confidence in and reliance on this relatively new mixing service.
The most compelling evidence, however, is that a significant portion of the stolen cryptocurrency ended up in wallets already linked to previous Lazarus hacks and believed to be controlled by group members. That overlap ties the threat actors directly to their prior activity.
Unmasking the Dark Side: How stolen crypto is trapped in the Shadows
Stealing the cryptocurrency is only half the job. Blockchain monitoring firms and better-equipped law enforcement agencies have made laundering far harder, complicating the conversion of stolen assets into other cryptocurrencies or into fiat.
Once victims report the wallet addresses holding stolen funds, exchanges flag those addresses and refuse to process deposits traceable to them. The attackers are then pushed toward less reputable exchanges that charge steep fees for handling tainted funds.
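How the fund tracing described above (following stolen coins hop by hop) and the exchange-side flagging work in practice, as an added illustration that is not Elliptic's software and not code from the article: a proportional ("haircut") taint model run over a constructed ledger. Every address, amount and transfer below is hypothetical; the victim wallet is marked as the taint source, each transfer carries the same tainted fraction as the sender's current holdings, and a screening rule then flags any deposit address whose tainted share exceeds a threshold.

```python
"""Proportional ("haircut") taint tracing over a constructed transaction list.

This is an added illustration, not Elliptic's software and not code from the
article. Addresses, amounts and the ledger below are hypothetical.
"""
from collections import defaultdict

# Constructed sample ledger: (sender, receiver, amount), applied in order.
# victim_A is the wallet drained in the theft; clean_B and clean_C hold
# unrelated funds that get commingled with the stolen coins along the way.
INITIAL_BALANCES = {"victim_A": 100.0, "clean_B": 100.0, "clean_C": 50.0}
TAINT_SOURCES = {"victim_A"}
SAMPLE_TXS = [
    ("victim_A", "hop_1", 100.0),          # the theft itself
    ("clean_B", "hop_1", 100.0),           # commingling: hop_1 is now 50% tainted
    ("hop_1", "hop_2", 100.0),
    ("hop_1", "exchange_dep_1", 100.0),    # deposit at an exchange
    ("hop_2", "mixer_in", 100.0),          # handoff to a mixer
    ("clean_C", "hop_3", 50.0),
    ("hop_3", "exchange_dep_2", 50.0),     # unrelated, fully clean deposit
]


def trace_taint(txs, initial_balances, taint_sources):
    """Propagate taint proportionally through every transfer.

    Each address tracks (balance, tainted_amount). When a sender moves
    `amount`, the same fraction of it is tainted as of the sender's current
    holdings. Funds sitting at a taint source are treated as 100% tainted.
    Returns {address: (balance, tainted_amount)} after all transfers.
    """
    balance = defaultdict(float, initial_balances)
    tainted = defaultdict(float)
    for src in taint_sources:
        tainted[src] = balance[src]
    for sender, receiver, amount in txs:
        if amount <= 0:
            raise ValueError(f"non-positive amount in {sender}->{receiver}")
        if balance[sender] + 1e-9 < amount:
            # The ledger is inconsistent (or inputs are missing); refuse
            # rather than silently diluting the taint figures.
            raise ValueError(f"{sender} spends {amount} but holds {balance[sender]}")
        fraction = tainted[sender] / balance[sender]
        taint_out = amount * fraction
        balance[sender] -= amount
        tainted[sender] -= taint_out
        balance[receiver] += amount
        tainted[receiver] += taint_out
    return {a: (balance[a], tainted[a]) for a in set(balance) | set(tainted)}


def screen_deposit(address, state, threshold=0.10):
    """Exchange-side check: flag a deposit address whose holdings carry more
    than `threshold` tainted share. Returns (decision, tainted_share)."""
    bal, taint = state.get(address, (0.0, 0.0))
    if bal <= 0:
        return ("no_funds", 0.0)
    share = taint / bal
    return ("flag" if share >= threshold else "clear", share)


def flagged_addresses(state, threshold=0.10):
    """All funded addresses that the screening rule would flag."""
    return sorted(a for a in state if screen_deposit(a, state, threshold)[0] == "flag")


if __name__ == "__main__":
    final = trace_taint(SAMPLE_TXS, INITIAL_BALANCES, TAINT_SOURCES)
    for addr in ("exchange_dep_1", "exchange_dep_2", "mixer_in"):
        print(addr, screen_deposit(addr, final))
    print("flagged:", flagged_addresses(final))
```

On the sample ledger the exchange deposit fed from hop_1 is 50% tainted and gets flagged, while the unrelated deposit from clean_C clears. The haircut model is one of several conventions (FIFO and "poison", where any contact marks the whole balance, are the other common ones), and all of them lose the thread at a mixer, which is exactly why a service like Sinbad is used; real tracing combines on-chain propagation like this with address clustering and intelligence about known wallets, such as the ones tied to earlier Lazarus hacks mentioned above.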
In summary, the Atomic Wallet hack, which cost victims more than $35 million in cryptocurrency, has been attributed to the Lazarus Group. Elliptic's transaction tracing supports that attribution through consistent laundering patterns, the use of the Sinbad mixer, and the arrival of stolen funds in wallets linked to previous Lazarus heists.
These findings underline the group's pursuit of funds widely believed to support North Korea's weapons development. At the same time, improved blockchain monitoring and law enforcement capability have made it considerably harder for the attackers to cash out what they steal.