In a significant blow to the crypto industry, Atomic Wallet, a non-custodial multi-currency wallet, suffered a theft of nearly $35 million worth of various tokens, first reported on June 5th. User wallets compromised on June 3rd lost substantial amounts of digital assets, including Bitcoin (BTC), Ether (ETH), Tether (USDT), Dogecoin (DOGE), Litecoin (LTC), BNB Coin (BNB) and Polygon (MATIC). Tron-based USDT made up the largest stolen stash, according to on-chain analytics cited by blockchain sleuth ZachXBT.
Concerns about the security of funds held in Atomic Wallet had been raised before: security audit firm Least Authority published its findings in a blog post in 2022. Those concerns have now materialized, leaving many users out of pocket. Some reported losing their cryptocurrency after a recent software update, while others said they were affected despite not having updated to the latest version, according to messages in Atomic Wallet's official Telegram channel.
Blockchain analytics firm Elliptic traced the stolen funds from the Atomic Wallet hack, amounting to $35 million, to the coin mixing service Sinbad, a mixer favored by the North Korean state-backed hacking group Lazarus. Coin mixers obscure the trail of cryptocurrency by pooling deposits from many users and paying out to fresh addresses, breaking the on-chain link between the source and destination of the funds.
Tornado Cash, another popular Ethereum mixing service, was sanctioned last year by the US Treasury's Office of Foreign Assets Control (OFAC), effectively prohibiting US persons from using the service because of its role in laundering the proceeds of crime.
On June 6th Elliptic reported that the “stolen funds are being swapped for Bitcoin (BTC)” before being laundered through Sinbad. In a later update, Elliptic said the illicit funds had also begun flowing through Garantex, a sanctioned Russia-based crypto exchange.
According to Elliptic, the Lazarus Group, believed to be responsible for the Atomic Wallet attack, has used Garantex to launder the stolen loot. Despite a coordinated effort by Elliptic and multiple exchange partners to freeze the stolen crypto, Lazarus has found alternative routes to trade its assets for Bitcoin.
Garantex was founded in late 2019 and initially registered in Estonia before moving most of its operations to Moscow. The US Treasury Department, which sanctioned the exchange in April 2022, said its analysis of known Garantex transactions found over $100 million associated with illicit actors and darknet markets.
The hackers continue to obfuscate the funds withdrawn from Garantex by routing them through the Sinbad.io mixer. Elliptic assesses Sinbad.io to be a rebrand of Blender.io, which the Treasury Department sanctioned in May 2022 for its role in supporting North Korea’s malicious cyber activities and laundering stolen virtual currency.
The Lazarus Group has been linked to several major crypto exploits in the past year, including the Harmony Horizon Bridge hack and the Ronin Bridge hack.
As the investigation unfolds, the crypto community remains on high alert, and the case underlines the need for robust security measures, constant vigilance and compliance with sanctions and regulatory guidelines. The Atomic Wallet theft and the subsequent laundering of the stolen funds through Garantex and Sinbad highlight the need for greater scrutiny and accountability across the cryptocurrency ecosystem if cybercrime is to be combated effectively.