The North Korean Lazarus Group, a state-sponsored cybercriminal organization, is alleged to have pilfered more than $100 million worth of digital currencies, marking yet another notable instance of cyber theft. The heist targeted an Estonian company, and London-based blockchain analytics firm Elliptic has unveiled the findings of its investigation into the Bitcoin breach at Atomic Wallet. It is estimated that over 5,500 wallets were affected by the attack.
Elliptic reports that losses claimed by users of Atomic Wallet exceed $100 million. Atomic Wallet serves as a decentralized platform for individuals worldwide to store, manage, and trade their cryptocurrency holdings, boasting a user base of approximately 5 million individuals. In collaboration with international law enforcement agencies and financial institutions, Elliptic successfully froze $1 million in stolen funds.
In response to the freezing of crypto assets, hackers have modified their strategies and turned to the Russian-based Garantex market to launder the stolen funds. Garantex had previously faced penalties from the US Department of the Treasury in April 2022 for facilitating money laundering activities associated with ransomware attacks and darknet marketplaces.
On June 3, Atomic Wallet issued a public apology to affected customers, acknowledging the compromise of their wallets in the breach. Subsequently, on June 6, Elliptic presented compelling evidence supporting its assertion that the Lazarus Group was responsible for the Bitcoin theft. The laundering techniques employed for the stolen Bitcoin closely resemble those used in previous cyberheists attributed to the Lazarus Group.
Further Lazarus activity
The Lazarus Group has also been linked to the use of money-laundering services such as the Sinbad mixer to obfuscate the proceeds obtained from their illicit activities. Elliptic suspects the Lazarus Group’s involvement in the recent significant Bitcoin theft targeting Atomic Wallet, which follows similar attacks on Horizon Bridge resulting in a $100 million theft in June 2022.
Other notable cybercrimes attributed to the Lazarus Group include the $625 million Ronin bridge heist in March 2022 and the $275 million hacking of KuCoin in 2020. According to Chainalysis, a US blockchain data firm, hackers affiliated with North Korea, particularly the Lazarus Group, stole approximately $1.7 billion worth of cryptocurrencies in various cyberattacks throughout 2022.
Highlighting the broader implications, Anne Neuberger, the US Deputy National Security Adviser for Cyber and Emerging Technology, revealed in May that nearly 50% of North Korea’s missile program was funded by proceeds from crypto heists and cyberattacks.