North Korean Hacking Group Lazarus Suspected in Atomic Wallet Hack

Elliptic, a blockchain intelligence firm, suspects that the infamous North Korean hacking group Lazarus is behind the recent hack of Atomic Wallet. Early Saturday morning, the team behind Atomic, a non-custodial crypto wallet, announced that some users had been compromised and lost funds from their wallets. According to pseudonymous blockchain sleuth ZachXBT, around $35 million in various cryptocurrencies had been stolen, including Bitcoin (BTC), Ether (ETH), Tether (USDT), Dogecoin (DOGE), Litecoin (LTC), BNB Coin (BNB), Polygon (MATIC) and Tron-based USDT.

The stolen crypto has been funneled to a mixer called Sindbad.io, Elliptic wrote. This mixer, which Elliptic believes is a successor to the previously sanctioned mixer Blender.io, has often been used to launder money from other hacks attributed to Lazarus, and the usage pattern is the same, Elliptic said. The firm also found connections between the wallets containing the loot from Atomic and some of the Lazarus hacks.

Security audit company Least Authority had previously warned in a blog post that Atomic Wallet may have been vulnerable to breaches. According to Dmytro Budorin, CEO of blockchain security firm Hacken, there are several possible explanations for how the hack happened, including the way Atomic implemented cryptography, a lack of robust project documentation, incorrect use of Electron, and outdated and vulnerable dependencies.

This hack is very vocal, highlighting the core problems in crypto wallets. The wallets don’t pay enough attention to building a strong architecture with security best practices implemented, Budorin said.

Jito Labs, a Solana blockchain scaling startup, has successfully recovered over $1 million in funds stolen from a single wallet.

Atomic Wallet users have been urged to take extra precautions to protect their funds, such as using a hardware wallet, enabling two-factor authentication, and using a unique password for each wallet.