Atomic Hack Funds Sent to Crypto Mixer Used by Lazarus Group

Table of Contents

• Atomic Wallet Users Drained of Over $35 Million
• Blender.io Relaunches As Sinbad.io

According to reports from Elliptic, funds drained from the Atomic Wallet hack have been sent to Sinbad, a crypto mixer used by the Lazarus Group.

According to reports by crypto tracing firm Elliptic Enterprises, the funds drained from the hack on the Atomic Wallet on June 3 have been sent to a crypto mixer used by the Lazarus Group, a notorious North Korean hacking operation.

The $35 million stolen from @AtomicWallet users is being laundered through Sinbad - the mixer fka(?) Blender and used heavily by NK's Lazarus Grouphttps://t.co/UHCwfZiw8e

— Elliptic Investigations (@Elliptic_Inv) June 5, 2023

Elliptic reported that its Investigation Team traced funds from the $35 million hack to Sinbad.io, a cryptocurrency mixer used by the hacking group.

Elliptic’s Investigations Team is also following the transaction trail, and has determined that the stolen funds are being swapped for bitcoin, before being laundered through Sinbad.io - a mixer. Previous Elliptic research revealed that Sinbad has been used intensively to launder over $100 million in proceeds of hacks perpetrated by North Korea’s Lazarus Group.

This includes assets from the $540 million Axie Infinity hack and $100 million Horizon Bridge attack.

Atomic Wallet Users Drained of Over $35 Million

On June 3, the self-custodial, decentralised Atomic Wallet received reports that several wallets had been drained of their funds. The project confirmed the compromise on June 4 and said it would investigate the matter.  

We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly.

For any questions and concerns, contact [email protected]

— Atomic - Crypto Wallet (@AtomicWallet) June 3, 2023

Atomic said on June 5 that less than 1% of its monthly active users were compromised in the attack, adding that it continues to investigate.

At the moment less than 1% of our monthly active users have been affected/reported. Last drained transaction was confirmed over 40h ago.

Security investigation is ongoing. We report victim addresses to major exchanges & blockchain analytics to trace and block the stolen funds.

— Atomic - Crypto Wallet (@AtomicWallet) June 5, 2023

Blender.io Relaunches As Sinbad.io

Earlier reports indicated North Korean hackers had been using a new mixing service to launder stolen cryptocurrencies. Elliptic found that the crypto mixing service used by the Lazarus Group, Blender, is likely to have been re-launched as Sinbad.

Following a series of high-profile hacks, the United States Treasury’s Office of Foreign Asset Control (OFAC) imposed sanctions against Blender and Tornado Cash for helping Lazarus launder close to $500 million in illicitly obtained cryptocurrencies. After the US imposed sanctions against the mixing services, Tornado Cash continued to operate while Blender ceased its operations and disappeared after reportedly taking $22 million in Bitcoin from the mixer.

According to Elliptic, Blender likely started operating the new service called Sinbad, which Lazarus used to launder illicit funds in October 2022.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.