North Korean hackers swipe over $100M from Atomic Wallet users

Atomic Wallet, a noncustodial decentralized wallet, has been hit by a staggering exploit, leading to users reporting losses of their entire cryptocurrency portfolios. This unforeseen breach has sent shockwaves through the crypto community, as Atomic Wallet’s fundamental premise relies on users assuming full responsibility for storing their assets securely. 

The losses from the Atomic Wallet heist have now skyrocketed to over $100 million, according to an analysis conducted by Elliptic. This alarming figure highlights the severity of the attack, which compromised an estimated 5,500 crypto wallets.

Despite the magnitude of the incident, Atomic Wallet has yet to provide any explanation regarding the root cause of these substantial losses. This has led to mounting concerns from frustrated users who anxiously await clarification and reassurance from the company. Meanwhile, at the time of publication, the company’s last update on Twitter was on June 7. 

Frustrated Atomic Wallet users have taken to Twitter to express their annoyance at the way the company is handling the issue. Twitter user Ezra Carlson shared, tagging Atomic Wallet, “why won’t AM give me a straight answer about why they didn’t warn me, knowing full well that they were being hacked, that it was not safe to use AM last week before I made a transfer to my wallet that was then hacked.”

Another user, “Real Deal Crypto,” called out Atomic Wallet for its lack of updates pertaining to the situation, saying, “Your last update was five days ago – SERIOUSLY?!?!”

On June 3, Atomic Wallet acknowledged reports of compromised wallets in a tweet but downplayed the impact, stating that “less than 1%” of its user base had been affected. However, the staggering sum of the losses suggests a significant breach.

Related: Atomic Wallet hack losses top $35M, on-chain sleuth reports

Elliptic has linked the heist to the notorious Lazarus Group, believed to be responsible for stealing over $2 billion in crypto assets through various thefts. According to Elliptic, this disclosure marks the first time a significant crypto heist has been openly attributed to the Lazarus Group since its $100 million exploit of Horizon Bridge in June 2022.

Following the heist, Elliptic shared that it was collaborating with international investigators and exchanges and mobilizing its resources to recover the stolen assets. The firm’s attempts have allegedly resulted in the freezing of over $1 million worth of the stolen funds so far. However, the blockchain analysis company noted that “in response to the freezing of these funds, the thief has begun to change their behavior. In particular, they have turned to the Russia-based Garantex exchange to launder the stolen assets.”

The recent attack joins a series of notable breaches, including the recent exploit of Jimbos Protocol, resulting in a loss of $7.5 million, and a malicious proposal that seized control of Tornado Cash’s governance in May. According to a Chainalysis report, it is estimated that crypto hackers absconded with a staggering $3.8 billion in 2022, with a significant portion attributed to attacks linked to North Korea and a large number of exploits targeting decentralized finance protocols.

Magazine: Should crypto projects ever negotiate with hackers? Probably