Skip to content

North Korea's Digital Footprint: The Atomic Wallet Hack

The recent breach of the Estonia-based Atomic Wallet has thrown the spotlight on a recurring challenge in the crypto landscape - cybercrime

Table of Contents

In the constantly evolving world of cryptocurrency, the security of digital assets is paramount. The recent breach of the Estonia-based Atomic Wallet has thrown the spotlight on a recurring challenge in the crypto landscape - cybercrime. The incident, resulting in millions of dollars in estimated losses, has been linked to a high level of confidence in North Korean state-backed hackers, known as the Lazarus Group.

The Atomic Wallet, a non-custodial decentralized wallet, gives users the responsibility for the assets they store. Supporting over 500 coins and tokens, including Bitcoin and Ethereum, it boasts more than five million users worldwide.

In the first week of June 2023, the company confirmed that it had received reports of compromised wallets and was investigating the issue. The incident affected less than 1% of its monthly users, estimated to be around 50,000 individuals, with the stolen assets totaling an estimated $35 million in various cryptocurrencies.


The Lazarus Group

The Lazarus Group has a history of such cyber heists. The blockchain analysis firm Elliptic stated that the laundering of the stolen crypto assets from Atomic Wallet followed a series of steps that exactly match those employed to launder the proceeds of past hacks by the Lazarus Group.

The hackers laundered the stolen assets through Sinbad, a crypto mixer that enables owners to hide the origins of their crypto funds. Sinbad believed to be a rebrand of the sanctioned mixer, has been previously implicated in laundering the proceeds of past hacks by the Lazarus Group.

In May 2022, the U.S. Treasury sanctioned for facilitating North Korea in its malicious cyber activities and money laundering of stolen virtual currency. The Lazarus Group reportedly used the mixer to launder more than $20 million worth of the $625 million in cryptocurrency it stole from the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity.

The laundering patterns observed in the Atomic Wallet hack bear striking similarities to those seen in the Ronin Network hack and the theft of $100 million in cryptocurrency from Harmony Horizon Bridge.

As the crypto community tries to understand how Atomic Wallet was compromised, it remains unclear whether affected users will be compensated. Atomic Wallet, in its latest update, declared its commitment to helping as many victims of the recent exploit as possible. It has engaged third parties to help trace stolen funds and liaise with exchanges and authorities.

The Atomic Wallet Hack

The Atomic Wallet hack is an urgent reminder of the cyber threats lurking in the digital world. In May, U.S. officials announced new sanctions against North Korea related to its army of illicit IT workers that have fraudulently gained employment to finance the regime’s weapons of mass destruction programs.

These highly skilled workers secretly work in various positions and industries, mainly on cryptocurrency projects, to launder illicitly obtained funds back to the North Korean government.

As the crypto world grapples with this security breach, it must also confront the reality of state-backed cybercrime.

The North Korean footprint in the Atomic Wallet hack underscores the need for robust cybersecurity measures to protect digital assets and the urgent need for international cooperation to prevent such cybercrimes.