Elliptic: Atomic Wallet hacker sent assets to mixer used by Lazarus Group

Assets stolen in the Atomic Wallet breach, totaling more than $35 million, are being laundered by the hacker through the Sinbad.io cryptocurrency mixer, Elliptic researchers found.

The $35 million stolen from @AtomicWallet users is being laundered through Sinbad — the mixer fka(?) Blender and used heavily by NK’s Lazarus Grouphttps://t.co/UHCwfZiw8e

— Elliptic Investigations (@Elliptic_Inv) June 5, 2023

In earlier investigations, experts determined that the service was actively used by North Korea’s Lazarus Group. Through Sinbad.io, funds linked to it totaling more than $100 million passed. This sum includes part of the assets from the Axie Infinity breach of about $600 million and the attack on the Horizon cross-chain bridge with losses of $100 million.

Elliptic did not disclose the amount of Atomic Wallet user assets sent to the mixer. The researchers only noted that the hacker had first converted all the cryptocurrencies into Bitcoin.

According to the researchers, Sinbad is a clone of another mixer — Blender.io, through which the Lazarus Group also laundered funds. However, this service was sanctioned by the U.S. Department of the Treasury in May 2022.

Elliptic researchers said they would continue to track the stolen Atomic Wallet assets in cooperation with the wallet team and other parties, including exchanges and crypto firms.

In August, the U.S. Treasury added to the sanctions list the Ethereum mixer Tornado Cash. The agency accused the platform of facilitating the laundering of cryptocurrency from illicit sources totaling more than $7 billion.