The Korea Herald


N. Korea’s Lazarus Group suspected of stealing over $100 million in crypto

By Ji Da-gyum

Published: June 14, 2023 - 15:18


North Korea's state-sponsored Lazarus Group is believed to have stolen more than $100 million in cryptocurrency from an Estonian company, marking the latest in a series of high-profile cyberthefts by Pyongyang operatives.

London-based blockchain analytics firm Elliptic on Tuesday disclosed the findings of its analysis, which tracked over 5,500 crypto wallets suspected to have been compromised in the cryptocurrency breach of Atomic Wallet.

The estimated total amount of reported losses suffered by Atomic Wallet users exceeds $100 million, according to Elliptic. Atomic Wallet is a decentralized wallet that allows users to store, manage and exchange cryptocurrencies in one place. It has around 5 million users worldwide.

Elliptic initiated the freezing of $1 million in stolen assets in collaboration with various investigators and exchanges worldwide.

In response to the freezing of crypto assets, hackers have adjusted their strategies and turned to the Russia-based Garantex exchange for laundering the illicitly obtained funds.

Garantex was subjected to sanctions by the US Department of the Treasury in April 2022 due to its role in facilitating the laundering of proceeds from ransomware attacks and darknet markets.

Atomic Wallet first acknowledged on June 3 that users' wallets had been compromised in the hack. Subsequently, on June 6, Elliptic attributed the cryptocurrency theft to the Lazarus Group with a "high level of confidence," presenting evidence to support its conclusion.

The process of laundering the stolen cryptocurrency mirrors the exact steps used in previous instances of laundering funds obtained through cyberthefts perpetrated by Lazarus Group.

The stolen assets are also being laundered through specific services, such as the Sinbad mixer, which have previously been utilized by Lazarus Group to launder the proceeds of their past hacking activities.

Elliptic explained that the hack of Atomic Wallet is believed to be the most recent significant cryptocurrency heist carried out by Lazarus Group. This incident follows their previous exploit of Horizon Bridge in June 2022, which resulted in a theft of $100 million.

Lazarus Group has been accused of committing high-profile cryptocurrency thefts that include the $625 million Ronin bridge heist in March 2022 and the $275 million hack of KuCoin in 2020.

North Korea-linked hackers, including Lazarus Group, were responsible for the theft of an estimated $1.7 billion worth of cryptocurrency through multiple hacks in 2022, according to US blockchain data platform Chainalysis.

Anne Neuberger, the US deputy national security adviser for cyber and emerging technology, in May said around half of North Korea’s missile program has been financed by crypto heists and cyberattacks.