Illicit Funds from $35 Million Atomic Wallet Hack Flow to Mixer Preferred by North Korea’s Lazarus Group

By Tsunami 06/6/23 8:52 AM

In a recent development surrounding the $35 million Atomic Wallet hack, blockchain compliance analytics firm Elliptic has uncovered the movement of illicit funds to a crypto mixer favored by North Korea’s notorious cyber-hacking group. According to Elliptic’s Investigations Team, the stolen funds have been traced to the crypto mixer Sinbad.io.

Sinbad.io, previously associated with laundering over $100 million in crypto assets stolen by the Lazarus Group, has now become a conduit for the funds obtained from the Atomic Wallet hack. Elliptic’s report reveals that the stolen loot is being converted into Bitcoin before being obscured through the mixer, adding an additional layer of complexity to tracing the illicit transactions.

Analysis of the ongoing Atomic Wallet hack, from our new Investigations Team account @Elliptic_Inv https://t.co/gbm3dX34JB

— Elliptic (@elliptic) June 5, 2023

While the exact amount transferred to Sinbad.io was not disclosed by Elliptic, it is a significant development that sheds light on the Lazarus Group’s money laundering operations. The report also suggests that Sinbad.io is likely a rebranded version of Blender.io, a mixer that was heavily utilized by the Lazarus Group to launder funds. It is worth noting that Blender.io was the first mixer to be sanctioned by the U.S. Treasury Department.

The Atomic Wallet hack occurred on June 3, resulting in losses of up to $35 million. However, Atomic Wallet downplayed the incident, stating that it only impacted a small fraction of its monthly active users, constituting less than 1%. Nevertheless, the discovery of the funds flowing through Sinbad.io highlights the gravity of the situation and the need for increased vigilance in the crypto ecosystem.

The Lazarus Group, a state-sponsored hacking collective believed to be operating under North Korea’s direction, has gained infamy for its cyber-attacks targeting various industries, including financial institutions and cryptocurrency exchanges. The group is known for its sophisticated tactics and has been linked to high-profile attacks, such as the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack.

The utilization of crypto mixers like Sinbad.io enables cybercriminals to obscure the origin of stolen funds and launder them, making it challenging for authorities to trace and recover the illicitly obtained assets. The involvement of North Korea’s Lazarus Group in these operations further underlines the nexus between cybercrime and state-sponsored hacking.

As the crypto ecosystem continues to grow, incidents like the Atomic Wallet hack serve as a reminder of the importance of robust security measures and enhanced regulatory frameworks. Collaborative efforts between industry participants, blockchain analytics firms, and law enforcement agencies are essential to combating the activities of cybercriminals and state-sponsored hacking groups.

The revelation of funds flowing through Sinbad.io presents an opportunity for authorities to further investigate and disrupt the Lazarus Group’s operations. It also serves as a call to action for cryptocurrency exchanges and wallets to bolster their security protocols and stay one step ahead of sophisticated hacking groups.

The fight against cybercrime in the cryptocurrency realm is an ongoing battle that requires constant vigilance and proactive measures. Only through collective efforts can the industry maintain its integrity and protect users from the ever-evolving threats posed by cybercriminals and state-sponsored actors.

As investigations into the Atomic Wallet hack and its connection to the Lazarus Group continue, the cryptocurrency community eagerly awaits further developments, hoping that justice will be served and security measures strengthened to prevent future incidents of this magnitude.

Join us on Telegram