Elliptic North Korean Hackers Breached Atomic Wallet.

Blockchain intelligence firm Elliptic reported in a blog post on Tuesday that users of Atomic Wallet may have been targeted by Lazarus, the notorious North Korean hacking group.

The Atomic team, which runs a non-custodial crypto wallet, announced early on Saturday that some users had been hacked and had lost the funds in their accounts. Despite multiple complaints from users on Reddit, the number of incidents did not exceed 1% of monthly active users, according to the company. ZachXBT, a pseudonymous blockchain investigator, estimated that approximately $35 million in various cryptocurrencies, including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), polygon (MATIC), and Tron-based USDT, had been stolen.

Elliptic reported that the stolen crypto had been sent to Sindbad.io, a mixer that the company believes to be a descendant of the previously sanctioned mixer Blender.io, which has been frequently used to launder money from other hacks attributed to Lazarus. Elliptic also discovered connections between the wallets containing the stolen funds from Atomic and some of the Lazarus hacks.

Last year, Least Authority, a security audit firm, warned in a blog post that Atomic Wallet may have been vulnerable to breaches. According to the firm, Atomic had issues with the way it implemented cryptography, did not adhere to the best practices for wallet design, lacked robust project documentation, and made incorrect use of Electron, a framework for building desktop applications. Atomic has since removed the post.

According to Dmytro Budorin, CEO of blockchain security firm Hacken, there are several possible explanations for how the hack happened, including Atomic’s way of generating recovery phrases for wallets, which may not have produced sufficiently random sequences of words. Another hypothesis is that hackers could have mathematically derived the users’ private keys from the transaction data visible on the bitcoin blockchain. The Android version of Atomic “relied on an outdated and vulnerable dependency” when signing transactions, Hacken also detected.

Non-custodial wallets such as Atomic allow users to keep their crypto, without trusting a centralized company, which means that if users lose a device or password for their wallet, they can only recover funds using the seed phrase. However, anyone with access to the seed phrase can duplicate the wallet and steal the funds.

The Atomic team is now collecting data from affected users and passing it on to blockchain analysis firms like Chainalysis, Crystal, and Elliptic, according to Atomic CEO Konstantin Gladych. Some of the funds have been blocked after landing on exchanges. “The attack was definitely organized by a team of professional hackers. They’re using scripts, splitting of the funds, mixers, etc.,” Gladych said.

We will continue to update Phone&Auto; if you have any questions or suggestions, please contact us!


Was this article helpful?

93 out of 132 found this helpful

Discover more


Shady Transactions Raise Eyebrows as $110 Million Evaporates from HECO Bridge and HTX Exchange – What in the Crypto World is Happening?

Recent blockchain breaches on the HECO bridge and HTX platform have been reported by security firms, resulting in an ...


Justin Sun's Huobi-linked exchange, WhiteBIT, raises concerns over its lending platform.

WhiteBIT, an exchange associated with Justin Sun, has recently gained attention for offering an impressive Annual Per...


DeFi Dilemma: Staking Ether Goes Liquid!

Fashion company Ether.fi secures $5.3 million in seed funding from North Island VC in March.


New name HTX raises eyebrows in Huobi community

Huobi is excitedly marking its impressive 10th anniversary by embarking on a bold marketing campaign – a rebranding i...


Crypto exchange HTX gets raided for $258M, investors sprint for the exits

Fashionista readers, take note Popular cryptocurrency exchange, HTX, has experienced a significant $258 million decre...


Ether.Fi will launch the ETHFI token on Binance Launchpool next week.

Liquid restaking protocols, such as Ether.Fi, utilize Ethereum's proof-of-stake blockchain to enhance the security of...