The notorious North Korean hacking group known as Lazarus has been linked to the recent Atomic Wallet hack resulting in the theft of over $35 million in crypto.
This attribution comes from blockchain experts at Elliptic, who tracked stolen funds and their movements through wallets, mixers, and other laundering routes.
The Atomic Wallet attack happened last weekend, when many users reported that their wallets had been compromised and their funds stolen.
While the investigation into the incident was ongoing, the crypto analyst ZachXBT calculated the losses at over $35 million, with the biggest victim losing almost 10% of the total stolen.
Yesterday, Elliptic reported that its analysis singles out the Lazarus Group as the threat actors responsible for the attack, making it the hackers’ first major crypto heist of 2023.
Last year, the FBI attributed to Lazarus the Harmony Horizon Bridge hack of June 2022, which resulted in the theft of $100 million, as well as the March 2022 Axie Infinity hack, in which the North Koreans stole $620 million in crypto.
The latest attack on Atomic Wallet shows that the threat actors remain focused on monetary gain, with the proceeds, experts say, used directly to fund North Korea’s weapons development program.
“At Elliptic, we have identified a large number of victim wallets, allowing the stolen funds to be traced in our software,” reads the Elliptic report.
“Our analysis of the thief’s transactions leads us to attribute this hack to the North Korean group Lazarus, with a high level of confidence.”
The first piece of evidence pointing to the Lazarus group is the observed laundering strategy, which matches patterns seen in previous attacks by this threat actor.
The second element of attribution is the use of the Sinbad mixer to launder stolen funds, which the threat group also used in the Harmony Horizon Bridge hack.
Elliptic previously said that North Korean hackers had moved tens of millions of dollars through Sinbad, demonstrating their faith in the new mixer.
The third and most important piece of evidence for Lazarus’ involvement in the Atomic Wallet hack is that substantial portions of the stolen cryptocurrency ended up in wallets that hold proceeds from previous Lazarus hacks and are believed to belong to the group members.
As last year’s attacks have shown, the successful theft of cryptocurrency gets the attackers only halfway to their goal.
The rise of blockchain surveillance companies, coupled with the improved abilities of law enforcement agencies, has considerably complicated the laundering process and, subsequently, the collection of stolen assets.
Victims notify exchanges of wallet addresses containing stolen funds, which prevents those funds from being exchanged for other crypto or fiat and leads hackers to turn to less scrupulous exchanges that take a hefty commission to launder the money.