Sinbad is Lazarus’ “favorite” bitcoin mixer, according to Elliptic.
The firm collaborates with Atomic Wallet in tracking stolen cryptocurrencies.
In a security incident that occurred on June 3, hackers who have not yet been identified stole more than $35 million from Atomic Wallet users. The investigative team at Elliptic, a company specializing in blockchain analytics, traced the stolen funds to a bitcoin (BTC) mixer known as Sinbad.io.
In its report, the firm highlights the fact that this mixer was also previously used by the Lazarus group, a North Korean-backed hacker group. According to the analyses carried out by Elliptic, Lazarus has used Sinbad.io in the past to launder more than $100 million worth of crypto assets.
This group, famous for its sophisticated cyberattacks and its links to the North Korean government, has been behind attacks reported at the time by CriptoNoticias, such as the theft of USD 540 million from the network of the popular play-to-earn game Axie Infinity.
According to Elliptic research, Sinbad.io appears to be a rebranded version of Blender.io, another mixer that was sanctioned by the United States Department of the Treasury due to its use by North Korea. These mixers allow hackers to hide the origin of the stolen funds and thus make it more difficult for authorities and cryptocurrency companies to trace them.
Following this incident, Elliptic says it is working closely with Atomic Wallet and other entities involved to identify stolen funds and take the necessary steps for their recovery. In addition, cryptocurrency companies using Elliptic’s tools will be alerted to potential proceeds from this theft, helping to prevent money laundering.
Details of the Atomic Wallet hack
As reported in this newspaper, the Atomic Wallet cryptocurrency wallet suffered an attack that resulted in the theft of around USD 35 million in various cryptocurrencies, such as bitcoin, ether (ETH) and Tether (USDT), among others. All cryptocurrencies other than bitcoin were exchanged for BTC before going through Sinbad.
Atomic Wallet confirmed the theft and stated that it is conducting an investigation to determine the scope of the incident and take the necessary action. So far, it has not been revealed how the attack was carried out or what vulnerabilities were exploited. The company limited itself to reporting that “only 1% of its users were affected.”