Security firm Elliptic Connect has traced the funds from the recent $35 million Atomic Wallet hack to a coin mixing service.
Called Sinbad, the mixer is also preferred by the infamous North Korean hacker cell Lazarus.
Elliptic reported that the “stolen funds are being swapped for Bitcoin (BTC)” before being laundered through Sinbad.
Coin mixers enable anonymity in cryptocurrency transactions by randomly mixing crypto transfers to obscure the origin and destination of the funds. Last year, the Department of Justice blacklisted Tornado Cash, another popular Ethereum mixing service, essentially banning American citizens from using the service. The agency said it sanctioned the project due to its ties to helping criminals launder money.
According to the firm, Atomic Wallet users were robbed of $35 million in a hack last weekend, affecting 1% of its 5 million users.
The hackers stole user funds in multiple tokens like Tether’s USDT, Ripple (XRP), Cardano (ADA), and Dogecoin (DOGE).
The cryptocurrency wallet provider has yet to figure out the root cause of the hack and has failed to ensure the safety of other unaffected users.
Atomic Wallet hacker’s ties to Lazarus
Elliptic’s analysts found that the Sinbad mixer was a mere clone of a different sanctioned mixer, Blender, and that Lazarus had laundered over $100 million in stolen funds using Sinbad by February 2023.
Elliptic Connect was one of the first firms to establish a link between Sinbad and the Lazarus group earlier this year.
Lazarus is a state-sponsored hacking group in North Korea that has reportedly siphoned $1.2 billion from the crypto industry from 2017 until the end of 2022.
The United States FBI also named Lazarus the prime suspect in the $100 million Harmony Protocol hack earlier this year.