Researchers Trace Atomic Wallet Hack to North Korea’s Lazarus
Blockchain intelligence company Elliptic found that Lazarus was behind the attack on Atomic Wallet.
The report follows the non-custodial cryptocurrency wallet's announcement on Saturday of a cyberattack. Some users raised the alarm that hackers had hijacked their wallets and moved their funds.
According to ZachXBT, the threat actors carted off cryptocurrencies including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), polygon (MATIC), and USDT based on Tron. These assets were worth over $35 million.
Hackers’ Pattern Closely Mimics Lazarus
According to Elliptic, the hackers transferred the stolen cryptocurrency to a mixer called Sinbad.io. The mixer is a replacement for the Blender.io mixer, which Lazarus frequently used to launder money from other hacks.
The intelligence company also connected the dots between some of the threat group's hacks and the wallets holding the loot from Atomic.
New Vulnerability
Non-custodial wallets like Atomic let users hold their cryptocurrency independently. This means that if they lose their device or their wallet password, they can only get their money back using the seed phrase.
However, anyone with the phrase can access the wallet and the money in it.
Another theory is that, given the transaction data visible on the bitcoin blockchain, hackers could have mathematically deduced the users’ private keys. In a recently released publication, a researcher from the University of California, San Diego, described this type of attack.
Additionally, Hacken discovered that Atomic for Android “relied on an outdated and vulnerable dependency” while signing transactions, according to Budorin.
He added that the hack is telling and has brought to light the fundamental issues with crypto wallets. Commenting on other security issues, he claimed that wallets don’t give enough thought to creating a solid architecture that implements security best practices.
ZachXBT reports that Jito Labs, a Solana blockchain scaling business, has successfully recovered more than $1 million that was stolen from a single person.
Konstantin Gladych, CEO of Atomic, declined to comment on the potential cause of the intrusion.