The Atomic Wallet has been breached and all evidence points to the Lazarus Group

Emre Çitak
Jun 9, 2023

The notorious Lazarus Group, North Korean hacking organization, has once again made headlines with their involvement in the recent security breach of Atomic Wallet. This breach resulted in the staggering theft of over $35 million worth of cryptocurrency.

The trail of evidence leading to the Lazarus Group has been meticulously uncovered by Elliptic, a team of blockchain experts. Their analysis has shed light on the movement of stolen funds and the group's sophisticated laundering techniques.

Lazarus Group hacks Atomic Wallet
In recent years, the Lazarus Group has increasingly targeted cryptocurrency exchanges and wallets - Image: Atomic Wallet

Lazarus Group strikes Atomic Wallet

The attack on Atomic Wallet unfolded over the weekend, leaving multiple users in despair as their wallets were compromised and funds vanished into thin air.

The scale of the losses quickly became apparent, with estimates by crypto-analyst ZachXBT indicating that the total amount stolen exceeded $35 million. Shockingly, one individual accounted for nearly 10% of the entire stolen sum.

All eyes are on Lazarus Group

Yesterday, Elliptic released a comprehensive report firmly attributing the Atomic Wallet breach to the Lazarus Group. This marks their first significant cryptocurrency heist of 2023, adding to their notorious track record.

The report aligns with the FBI's prior identification of the Lazarus Group in the Harmony Atomic Wallet breach, further solidifying their involvement.

Lazarus Group's signature techniques

Elliptic's examination of the laundering strategy employed in the Atomic Wallet breach has provided the first concrete evidence linking it to the Lazarus Group.

The patterns observed in their previous exploits align with the methods employed in this attack. Notably, the utilization of the Sinbad mixer for laundering the stolen funds serves as the second attribution element, mirroring the group's modus operandi in the Harmony Horizon Bridge hack.

Lazarus Group hacks Atomic Wallet
The hacking pattern of Atomic Wallet points out at Lazarus - Image: Atomic Wallet

Moreover, Elliptic has previously highlighted the significant sums, amounting to tens of millions of USD, that North Korean hackers have funneled through Sinbad.

This underscores the group's confidence and reliance on this particular mixing service.

The proof

The most compelling proof of Lazarus Group's involvement in the Atomic Wallet hack lies in the significant portion of stolen cryptocurrency that ultimately ended up in wallets linked to their previous exploits.

These wallets are believed to be owned by group members, establishing a consistent pattern that reinforces the connection between the threat actors and their prior malicious activities.


Tutorials & Tips

Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.