North Korea's Lazarus Group reemerges with new $100 million crypto hack

Quick Take

  • Blockchain forensics firm Elliptic has attributed a suspected Atomic Wallet hack to North Korea’s Lazarus Group, which is now using the Russian crypto exchange Garantex to launder portions of the stolen funds.
  • Elliptic estimates that losses from the Atomic Wallet hack have surpassed $100 million.

Blockchain forensics firm Elliptic said Tuesday that losses suffered by Atomic Wallet users from an apparent hack have risen to more than $100 million.

The wallet provider on June 3 acknowledged receiving reports that some wallets had been compromised and said less than 1% of its active users had been affected. It has yet to provide an additional update. 

Elliptic, which tracked over 5,500 wallets believed to have been targeted in the attack, said that the North Korean hacking association Lazarus Group was responsible, in what would be its first major crypto theft since the $100 million exploit of the Horizon Bridge a year ago.

"Since the theft took place, Elliptic has been working to retrieve the stolen assets," Elliptic said. "Our team has partnered with several investigators and exchanges around the world to trace and freeze the stolen funds. This has led to over $1 million in stolen assets being frozen."

Atomic Wallet hack is latest for Lazarus Group

The thief has now started to change its behavior, turning to Russian crypto exchange Garantex to launder the assets.

The U.S. government linked the Lazarus Group to the high-profile Ronin exploit that resulted in $600 million worth of digital assets being stolen from the Axie Infinity sidechain. In all, Elliptic estimates the Lazarus Group has pilfered more than $2 billion in digital assets across numerous heists. 

"I'm afraid we have no insights into the underlying exploit," Elliptic's Chief Scientist and co-founder Tom Robinson told The Block. "It's becoming clear that this is a major crypto heist, and most probably another significant success for North Korea's Lazarus Group. They had been relatively quiet since last year's Horizon bridge hack, but this shows that they are still actively targeting the crypto ecosystem."

Atomic Wallet didn't immediately respond to a request for comment from The Block. 

© 2023 The Block. All Rights Reserved.