Security firm Elliptic Connect has traced the funds from the recent $35 million Atomic Wallet hack to a coin mixing service.
Called Sinbad, the mixer is also preferred by the infamous North Korean hacker cell Lazarus.
Elliptic reported that the “stolen funds are being swapped for Bitcoin (BTC)” before being laundered through Sinbad.
Coin mixers enable anonymity in cryptocurrency transactions by randomly mixing crypto transfers to obscure the origin and destination of the funds. Last year, the Department of Justice blacklisted Tornado Cash, another popular Ethereum mixing service, essentially banning American citizens from using the service. The agency said it sanctioned the project due to its ties in helping criminals launder money.
According to the firm, Atomic Wallet users were robbed of $35 million in a hack last weekend, affecting 1% of its 5 million users.
The hackers stole user funds in multiple tokens like Tether’s USDT, Ripple (XRP), Cardano (ADA), and Dogecoin (DOGE).
The cryptocurrency wallet provider has yet to figure out the root cause of the hack and has failed to ensure the safety of other unaffected users.
Atomic Wallet hacker’s ties to Lazarus
Elliptic’s analysts found that the Sinbad mixer was a mere clone of a different sanctioned mixer, Blender, and that Lazarus had laundered over $100 million in stolen funds using Sinbad by February 2023.
Elliptic Connect was one of the first firms to establish a link between Sinbad and the Lazarus group earlier this year.
Lazarus is a state-sponsored hacking group in North Korea that has reportedly siphoned $1.2 billion from the crypto industry from 2017 until the end of 2022.
The United States FBI also named Lazarus the prime suspect in the $100 million Harmony Protocol hack earlier this year.