“We are tracking more than 5,500 cryptocurrency wallets that we believe were compromised as a result of the attack,” the company’s experts said.
Meanwhile, Atomic Wallet representatives have yet to offer any explanation as to the underlying cause of the hack. In a June 3 tweet, the developers only acknowledged the validity of reports of hacked wallets and added that “less than 1% of users” were affected.
Elliptic attributed the incident to North Korea’s Lazarus Group, which is believed to have stolen more than $2 billion worth of crypto assets already in multiple attacks over several years. The Atomic Wallet attack was the first major cryptocurrency theft publicly attributed to Lazarus since the $100 million Horizon Bridge hack in June 2022.
Since the theft, Elliptic has been working to recover stolen assets. Analysts have already helped freeze more than $1 million in stolen assets.
In response to the asset freeze, attackers have begun to change their behavior. In particular, they turned to the Russian Garantex. Garantex came under U.S. Treasury Department sanctions in April 2022 on charges of money laundering. However, the Moscow Stock Exchange continues to operate.
Earlier, Elliptic reported that crypto-assets that were stolen from Atomic Wallet wallets started to go to Sinbad service, popular with Lazarus Group hackers.
The most affected Atomic Wallet user lost 1,897 ETH ($3.5 million). Also, the five largest wallets, from which hackers withdrew funds, lost a total of $ 9.7 million. The only way Atomic Wallet users can protect their assets is to transfer funds to new addresses created with different software.