North Korean hackers behind Atomic Wallet breach, finds intelligence firm
- North Korean hacking group could be behind the Atomic Wallet breach.
- It was found that the stolen crypto has been routed through a mixer, Sindbad.io.
According to the blockchain intelligence firm Elliptic, Atomic Wallet users could have been targeted by the notorious North Korean Lazarus hacking group.
The Atomic team disclosed on 3 June that the wallets of some of its users were compromised and their assets lost. The number of incidents, according to the team, barely reached 1% of “monthly active users.”
The announcement came after numerous Reddit reports from users who claimed their wallets were emptied.
ZachXBT, a pseudonymous blockchain investigator, estimated that roughly $35 million in various tokens, including Bitcoin, Ethereum and Dogecoin, were stolen.
Hacked crypto routed through mixer
Elliptic wrote that the stolen crypto has been routed through a mixer, Sindbad.io. Elliptic believes the mixer to be another version of the previously sanctioned Blender.io.
Blender.io was frequently used to launder money from earlier hacks attributed to Lazarus, and the usage pattern is consistent. Elliptic also discovered links between the wallets containing the loot from Atomic and some Lazarus hacks.
Non-custodial wallets, such as Atomic, allow users to maintain their crypto autonomously, without relying on a centralized entity.
This means that if users lose their device or wallet password, they can only recover funds using the seed phrase. But there is a catch: anyone with access to the seed phrase can clone the wallet and steal the funds.
Security assessment firm Least Authority had already cautioned last year that Atomic Wallet could be vulnerable to attacks.
According to the firm, the problems included Atomic’s implementation of encryption, which did not comply with best practices for wallet design, a lack of strong project documentation, and erroneous use of Electron, a framework for developing desktop applications.
The Atomic team said it was collecting data from affected customers and sending it to blockchain analysis firms such as Chainalysis, Crystal and Elliptic, adding that some of the funds had reached exchanges and been blocked.