The recent $35 million Atomic Wallet hack has taken several twists and turns, with security firm Elliptic Connect revealing that the stolen funds have been traced to a coin mixing service called Sinbad. The service is known for its popularity among the notorious North Korean hacker cell, Lazarus.
Coin mixers like Sinbad provide anonymity in cryptocurrency transactions by randomly mixing transfers to obscure the origin and destination of the funds. The Department of Justice blacklisted Tornado Cash, another popular Ethereum mixing service, last year because of its connection to helping criminals launder money. This move essentially banned American citizens from using the service.
The hack on Atomic Wallet affected 1% of its 5 million users, robbing them of $35 million in various tokens such as Tether’s USDT, Ripple (XRP), Cardano (ADA), and Dogecoin (DOGE). The cryptocurrency wallet provider is still working to uncover the root cause of the hack and has yet to ensure the safety of unaffected users.
Elliptic’s analysts discovered that Sinbad is merely a clone of another sanctioned mixer, Blender, and that the Lazarus hacker group had laundered over $100 million in stolen funds using Sinbad by February 2023. The firm was one of the first to establish a link between Sinbad and the Lazarus group earlier this year.
Lazarus, a state-sponsored hacking group in North Korea, is believed to have siphoned off $1.2 billion from the crypto industry from 2017 until the end of 2022. The United States FBI also named Lazarus as the prime suspect in the $100 million Harmony Protocol hack earlier this year.
On one hand, coin mixing services like Sinbad and Blender provide a level of privacy to crypto users that some might argue is necessary in a world of increasing digital surveillance. This aspect of anonymity can be viewed as a part of the initial allure and promise of cryptocurrency, giving users control and autonomy over their own transactions.
On the other hand, their use for illicit activities, such as money laundering, by hacking groups like Lazarus poses a serious challenge for law enforcement agencies and governments. This dual nature of anonymity should prompt reflection on the appropriate regulatory measures to manage the pros and cons of such services, as well as on the need for wallet providers like Atomic Wallet to strengthen their security protocols to protect their customers from hacks and theft.