Elliptic, a blockchain intelligence firm, said in a blog post on Tuesday that users of Atomic Wallet may have fallen victim to Lazarus, the notorious North Korean cybercrime group. Reportedly, illegal funds from the $35 million Atomic Wallet hack have been transferred to a crypto aggregator that is favored by North Korea’s most notorious cyber-hacking group.
The Lazarus Group financial terror hits the crypto industry hard
Lazarus Group is a North Korean cybercrime organization known for its cyber exploits, and it has been blamed for a number of attacks since 2010. The entity is thought to be funded by the North Korean government and consists of an unknown number of hackers. It has launched an increasing number of attacks through its various subgroups, including StoneFly, AndAriel, and BlueNoroff.
Since 2017, when it attacked South Korean crypto investors with Bitcoin and Monero holdings, the criminal group has terrorized the crypto community by using autonomous means of distributing new sorts of computer viruses that expose flaws in well-known software systems. Previously, Lazarus Group was notorious for conducting cyber espionage campaigns against South Korean government entities through distributed denial-of-service assaults.
Lazarus Group has also used the SWIFT network to undertake assaults on global organizations such as Sony and banking institutions, as well as a large-scale ransomware attack that affected thousands of machines in countries such as Russia, India, Taiwan, and Ukraine. During the COVID-19 pandemic in late 2020, the criminal group used spear-phishing techniques to get into computers and stole proprietary COVID-19 research.
The group began 2022 with a $600 million heist on Ronin, the blockchain protocol associated with the renowned crypto game Axie Infinity. Lazarus Group has been linked to a new type of crypto hacking, promoting fake crypto applications under the brand BloxHolder to spread the AppleJeus malware and steal crypto funds. The group is responsible for more than 25 notable attacks.
Atomic Wallet suffers loss under cyber criminals
The team behind Atomic Wallet, a non-custodial crypto wallet, announced early Saturday morning that some users had their wallets compromised and funds stolen. The number of incidents reportedly did not exceed 1% of “monthly active users.” The announcement followed many complaints on Reddit from users whose wallets had been emptied.
ZachXBT, a pseudonymous blockchain detective, estimated that approximately $35 million worth of crypto had been stolen, including bitcoin, ether, tether, dogecoin, Litecoin, BNB coin, polygon, and Tron-based USDT.
Elliptic wrote that the stolen crypto was transferred to a mixer called Sindbad.io. This mixer, which Elliptic believes is a successor to the previously sanctioned mixer Blender.io, has frequently been used to launder money from other hacks attributed to Lazarus, according to Elliptic, who noted that the utilization pattern is identical. According to the blog post, the company also discovered connections between the wallets containing the stolen funds from Atomic and some of the Lazarus breaches.
Non-custodial wallets, such as Atomic, allow users to retain their crypto autonomously, without relying on a centralized entity, which means that if users lose their wallet’s device or password, they can only recover funds using the seed phrase. Anyone with access to the seed phrase, on the other hand, can clone the wallet and steal the funds.
Three hours ago, Elliptic Investigations updated that Atomic Wallet hack funds have just been swapped for USDT and bridged to TRON.
It’s probable that the stolen crypto assets were mixed in wallets containing the proceeds of previous Lazarus Group attacks. This would be the first large crypto theft openly traced to Lazarus Group since the $100 million Horizon Bridge breach in June 2022.