Elliptic’s analysis suggests that North Korea’s Lazarus Group is responsible for the cryptoasset theft suffered by Atomic Wallet users.
At least $35 million has allegedly been stolen from users of Atomic Wallet, a non-custodial cryptocurrency wallet service with five million users worldwide. In a June 3 tweet, the service confirmed reports of compromised wallets, before confirming that “less than 1%” of users were affected.
At Elliptic, we have identified a large number of victim wallets, which allows the stolen funds to be traced in our software. Exchanges and other crypto businesses using Elliptic tools can identify any deposits that originate from the hack.
Our investigations team is also following the transaction trail. Elliptic’s analysis of the thieves’ transactions leads us to attribute this hack to North Korea’s Lazarus Group, with a high level of confidence. This attribution is based on a number of factors, including:
- The laundering of the stolen cryptoassets follows a series of steps that exactly match those employed to launder the proceeds of past hacks by the Lazarus Group.
- The stolen assets are being laundered with the help of specific services, including the Sinbad mixer, which were also used to launder the proceeds of past hacks by the Lazarus Group.
- It is possible that the stolen cryptoassets were mixed into wallets containing the proceeds of past hacks by the Lazarus Group.
This would mark the first major cryptocurrency theft publicly attributed to the Lazarus Group since the $100 million Horizon Bridge exploit in June 2022.
A screenshot from Elliptic Investigator, showing some of the transactions involved in laundering the cryptoassets stolen from Atomic Wallet users.
Elliptic will continue to monitor the situation and update our system with new information about the stolen funds.
Stay tuned for the latest from our investigations team on Twitter.
Follow the Lazarus Group’s blockchain transaction trail yourself, using Investigator.