North Korean hacking group Lazarus linked to $35 million cryptocurrency heist
The notorious North Korean hackers of Lazarus Group could potentially be responsible for the $35 million cryptocurrency heist from the decentralized wallet platform Atomic Wallet, according to analysts.
Atomic Wallet users’ wallets were compromised earlier last week. According to the company’s statement, less than 1% of its monthly active customers were affected by the hack. In total, Atomic Wallet has 5 million users worldwide.
Researchers at blockchain analytics firm Elliptic attributed the incident on Wednesday to the Lazarus Group “with a high level of confidence” because the hackers used techniques similar to those in previous attacks.
For example, the stolen assets were laundered using services, including the Sinbad mixer, which were also used to launder the proceeds of past hacks committed by Lazarus.
According to Elliptic, it is possible that recently stolen cryptocurrency assets have been combined or mixed together in wallets that also contain the proceeds from past hacks carried out by the Lazarus hackers.
The exact details of the attack on Atomic Wallet remain unclear at this time. However, according to Hugh Brooks, the director of security operations for blockchain auditing company CertiK, it is probable that the incident was caused by a bug in the wallet provider's application, which exposed users' private keys.
What makes this incident stand out, according to Brooks, is the size of the theft. According to Elliptic, it is also the first major crypto theft publicly attributed to Lazarus Group since the $100 million attack on Horizon Bridge in June 2022.
At that time, hackers exposed information while trying to launder the money stolen from Horizon.
A string of heists
North Korean hacking groups have a long history of launching financially motivated attacks and intrusion campaigns on cryptocurrency exchanges, commercial banks and e-commerce systems.
These campaigns are meant to bolster “the North Korean government’s continued efforts to generate funds for the regime, which remains under significant international sanctions,” according to new research by Recorded Future’s Insikt Group.
Lazarus, in particular, is believed to have stolen over $2 billion in digital assets from crypto exchanges and decentralized finance services, according to Elliptic. For example, it is allegedly responsible for the $540 million hack of Ronin Bridge in April 2022.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.