
Users of Atomic Wallet recently suffered an attack that researchers believe was orchestrated by the popular North Korean hacking group, Lazarus. The Estonia-based crypto wallet operates on the principle of self-custody.

In other words, the responsibility for the assets stored in the wallet falls on the users, protected by a secret key or phrase.

The Atomic Wallet team said on June 3 that some users had reported suspicious activity in their wallets, with some losing funds. In a tweet shared on June 5, the company said that less than 1% of all its monthly active users had been affected – approximated to be around 50,000.

However, the team said that a “security investigation was ongoing” and that it is committed to “helping as many victims of the recent exploit as possible” with the help of third parties to “trace stolen funds and liaise with exchanges and authorities.”

According to information shared on Twitter by the popular pseudonymous crypto enthusiast @ZachXBT, the $35 million comprised several cryptocurrencies, including Tron (TRX), Tether (USDT), Bitcoin (BTC), Litecoin (LTC), Binance Coin (BNB) and Polygon (MATIC).

“Largest single victim I have observed is for 2.8M USDT. Multiple other losses for 6 figures across different chains,” @ZachXBT said via a Twitter thread.

So far, the Atomic Wallet team has yet to confirm how many users were compromised, how much money was stolen, or who was responsible for the hack.

North Korea’s Lazarus Group Could Be Responsible

Although Atomic Wallet is still mum on the details of the hack, researchers at Elliptic have reason to believe the Lazarus Group is behind the hack.

“At Elliptic, we have identified a large number of victim wallets, allowing the stolen funds to be traced in our software,” the researchers said in a blog post. “Exchanges and other crypto businesses using Elliptic’s tools can identify any deposits originating from the hack.”

The blockchain analytics firm said that its investigation identified a pattern similar to those the Lazarus Group has used to perpetrate previous hacks and launder the proceeds.

While attributing “with a high level of confidence” the Atomic Wallet hack to the Lazarus Group, the Elliptic researchers said that the pilfered assets are being cleansed through particular services, among them the Sinbad mixer, which has previously been deployed to sanitize the financial gains from earlier intrusions orchestrated by the Lazarus Group.

There’s a plausible chance that the stolen digital assets have been blended into wallets that contain the financial remnants from earlier cyber heists conducted by the Lazarus Group.

How Did It Happen?

Considering the Atomic Wallet team was cautioned by Least Authority in February 2022 regarding the vulnerability of the self-custody platform, the hack was bound to happen sooner or later, especially if nothing was done to enhance the security of the assets.

According to a related report by CoinDesk, Least Authority’s assessment found several points of contention in Atomic’s operations.

These encompassed the methodology used in applying cryptography, failure to conform to ideal practices for wallet design, the absence of comprehensive project documentation, and the flawed usage of Electron. Electron is a toolset used for developing desktop applications.

An image from the Elliptic Investigator unveils a portion of the transactions implicated in the cleansing process of cryptoassets pilfered from the users on Atomic Wallet.

Dyma Budorin, the chief executive of blockchain security company Hacken, outlined multiple plausible theories behind the hack’s occurrence.

One possibility could be tied to Atomic’s method of generating recovery phrases—commonly referred to as seed phrases—for wallets.

The generated sequences might not have been adequately randomized, thus simplifying the task for hackers to brute-force their way into the wallets, as Budorin shared with CoinDesk.

This would be the first large-scale cryptocurrency heist openly associated with the Lazarus Group since the Horizon Bridge theft in June 2022, in which the group took $100 million.

With the Atomic Wallet team still silent on the matter, or perhaps conducting an investigation, it remains unknown whether the affected crypto holders will receive compensation.
