Find out who's the infamous state-sponsored threat group behind this massive hack of a $35 Million Atomic Wallet!

Continue reading
Remember the massive $35 million cryptocurrency heist that recently swayed the crypto space? Well, it appears that this cryptocurrency attack on Atomic Wallet is most likely to be linked to none other than the infamous North Korean hacking group. In this Threatfeed, we will delve into the details of how this connection was established and provide comprehensive insights into the workings of this notorious group.
The attack on Atomic Wallet surfaced last weekend as soon as numerous users started reporting compromised wallets and the loss of their cryptocurrency funds. This has been yet another crypto hack involving North Korean state-sponsored hacker groups following Axie Infinity's $620 Million cryptocurrency wipeout, though later on $30 Million was confiscated by the U.S. Government.
As the current investigation gradually unfolded, crypto-analyst ZachXBT calculated the losses to exceed $35 million, with the most prominent single victim losing nearly 10% of the stolen total. However, the true extent of the damage would only become apparent through the diligent work of organizations like Elliptic.
Yesterday, Elliptic released a report attributing the Atomic Wallet hack to a malicious act of the infamous Lazarus Group, making it their first major crypto heist for 2023. But the involvement of Lazarus Groups amongst various heists remains never-ending and will continue to evolve. Similar instances existed when Lazarus Group was held responsible for $100 Million Harmony Horizon Bridge Hack in June 2022.
This attribution is based on a high level of confidence, supported by Elliptic's analysis of the thief's transactions.
The observed laundering strategy employed in the Atomic Wallet hack matches patterns seen in previous attacks by the Lazarus Group. This consistency suggests a signature modus operandi and strengthens the link to the notorious North Korean hackers.
The Lazarus Group utilized the Sinbad mixer to launder the stolen funds in both the Atomic Wallet hack and the Harmony Horizon Bridge hack, as previously attributed by the FBI. Elliptic's analysis reveals that North Korean hackers have been utilizing Sinbad to launder tens of millions of USD, demonstrating their confidence and trust in this specific mixer.
Significant portions of the stolen cryptocurrency from the Atomic Wallet hack have ended up in wallets that hold the proceeds of previous Lazarus Group hacks. These wallets are assumed to belong to Lazarus Group members, providing substantial proof of their involvement in the latest heist.
The repeated targeting of cryptocurrency platforms by Lazarus Group indicates their unwavering focus on monetary goals. Experts speculate that the stolen funds directly finance North Korea's weapons development program. This revelation adds a geopolitical dimension to the already alarming threat posed by this hacking group.
The Lazarus Group's track record of high-profile hacks is deeply concerning. In June 2022, the FBI attributed to Lazarus Group the Harmony Horizon Bridge hack, which resulted in the theft of $100 million. Furthermore, the March 2022 hack of Axie Infinity saw the North Korean hackers siphon off an astonishing $620 million in cryptocurrency. These incidents highlight the Lazarus Group's technical expertise and ability to orchestrate large-scale thefts.
Elliptic has played a crucial role in identifying victim wallets and tracing the stolen funds. Their software enables exchanges and other crypto businesses to identify any deposits originating from the Atomic Wallet hack. By closely monitoring the transaction trail, Elliptic's investigation team has contributed significantly to the attribution of this hack to Lazarus Group.

*Elliptic Investigator screenshot exposes Crypto laundering*

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation