Elliptic’s analysis shows that reported losses suffered by Atomic Wallet users have now risen to more than $100 million. We are monitoring over 5,000 crypto wallets believed to have been compromised in the attack.
At least ten crypto addresses lost more than $1 million, and at least 164 lost more than $100,000. The average loss is $2,800.
There has still been no explanation from Atomic Wallet regarding the root cause of the losses.
In a June 3 tweet, the service confirmed reports of compromised wallets, and later stated that “less than 1%” of users were affected.
Elliptic attributed the incident to North Korea’s Lazarus group, which is believed to have stolen over $2 billion in crypto assets in multiple thefts. This would mark the first major cryptocurrency theft publicly attributed to the Lazarus group since the $100 million Horizon Bridge exploit in June 2022.
Since the theft occurred, Elliptic has been working to recover the stolen property. Our team has partnered with several investigators and exchanges around the world to trace and freeze the stolen funds. This led to the freezing of over a million dollars in stolen property.
In response to the freezing of these funds, the thief began to change their behavior. In particular, they turned to the Russian exchange Garantex to launder the stolen assets. Garantex was sanctioned by the US Treasury Department in April 2022 for its role in laundering the proceeds of ransomware and darknet markets. However, the exchange continues to operate.
Elliptic has developed comprehensive and unique intelligence on the crypto wallets used by Garantex, enabling our clients to avoid transactions with this sanctioned actor.
A screenshot from Elliptic Investigator, showing the proceeds of the Atomic Wallet hack being laundered through Garantex.