North Korea's Lazarus Group reemerges with new $100 million crypto hack

Quick Take

  • Blockchain forensics firm Elliptic has attributed a suspected Atomic Wallet hack to North Korea’s Lazarus Group, which is now using the Russian crypto exchange Garantex to launder portions of the stolen funds.
  • Elliptic estimates that losses from the Atomic Wallet hack have surpassed $100 million.

Blockchain forensics firm Elliptic said Tuesday that losses suffered by Atomic Wallet users from an apparent hack have risen to more than $100 million.

The wallet provider on June 3 acknowledged receiving reports that some wallets had been compromised and said less than 1% of its active users had been affected. It has yet to provide an additional update. 

Elliptic, which tracked over 5,500 wallets believed to have been targeted in the attack, said that the North Korean hacking association Lazarus Group was responsible in what would be its first major crypto theft since the $100 million exploit of the Horizon Bridge a year ago. 

"Since the theft took place, Elliptic has been working to retrieve the stolen assets," Elliptic said. "Our team has partnered with several investigators and exchanges around the world to trace and freeze the stolen funds. This has led to over $1 million in stolen assets being frozen."

Atomic Wallet hack is latest for Lazarus Group

The thief has now started to change its behavior, turning to Russian crypto exchange Garantex to launder the assets.

The U.S. government linked the Lazarus Group to the high-profile Ronin exploit that resulted in $600 million worth of digital assets being stolen from the Axie Infinity sidechain. In all, Elliptic estimates the Lazarus Group has pilfered more than $2 billion in digital assets across numerous heists. 


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro