The Atomic Wallet Hack: North Korea and the Activities of the Lazarus Group
Cryptocurrencies have long been a target for hackers, and the recent Atomic Wallet hack is just the latest example. The attack, which resulted in millions of euros’ worth of cryptocurrencies being stolen, has been linked to the notorious Lazarus Group, widely believed to be a state-sponsored hacking collective operating out of North Korea. In this article, we will explore the details of the hack, the actions of the Lazarus Group, and the wider implications for the cryptocurrency industry.
Many Millions Stolen for North Korea
The Atomic Wallet hack was first revealed to the public via a tweet from the team at Atomic Wallet. Two days later, they reported that less than 1% of their users had fallen victim to the hack. However, according to crypto analytics company Elliptic, $35 million has been lost to the hackers, making it a significant attack in terms of value. Elliptic has identified a large number of victims, which makes it easy to trace the stolen crypto. In this instance, the trace has led Elliptic to conclude that the Lazarus Group is the likely perpetrator of the hack.
The Lazarus Group: A Notorious History
The Lazarus Group is no stranger to high-profile hacks. They were responsible for the ‘Harmony Horizon bridge hack’, which resulted in over $100 million being stolen, and the biggest crypto hack in history: the ‘Ronin’ hack, which involved the theft of $625 million worth of Ethereum (ETH). The group is widely believed to work for the North Korean government, with the captured crypto being used to finance nuclear weapons programs, among other things. The connection between the Lazarus Group and the North Korean regime is an ongoing subject of speculation and investigation.
Crypto Wallet Warned of Weaknesses
The Atomic Wallet hack was so successful in part because of weaknesses in the wallet’s security measures. Several issues were identified by security firm Least Authority in a warning issued to the Atomic Wallet team in 2022. They included weak cryptography, poor wallet design, and a lack of strong documentation. Further issues were found with its app builder, which was misused by Atomic Wallet. It is this combination of factors that allowed the Lazarus Group to attack the wallet successfully.
Recovering the Stolen Crypto
Despite the scale of the Atomic Wallet hack, there have been some successes in terms of recovering the stolen crypto. According to researcher ZachXBT, $1 million worth of stolen crypto has been recovered so far. The Atomic Wallet CEO has yet to comment publicly on the attack. However, the team at Atomic Wallet is working hard to repair the damage, pushing as much information as possible to services like Elliptic. A significant proportion of the stolen crypto was deposited on exchanges by the Lazarus Group, but Atomic Wallet, working with the relevant exchanges, was able to freeze the tokens.
The Atomic Wallet hack is a stark reminder of the ongoing threat posed by hacking groups like the Lazarus Group, and the need for enhanced security measures within the cryptocurrency industry. While the fact that some of the stolen crypto has been recovered is encouraging, the implications of such a significant hack are far-reaching. It remains to be seen what the long-term effects will be, both for Atomic Wallet and the cryptocurrency industry as a whole.