The Atomic Wallet team reported that they are working to recover the funds, but would not confirm how much money was stolen in the attack.
Atomic Wallet has released a follow-up report on the hack it suffered on June 3. In the report, the Atomic Wallet team wrote that “less than 0.1%” of its 5 million users were affected by the hack, and that “no new cases have been reported since June 3.”
It added that the team is working to recover the funds and identify the cause of the attack, "collaborating with major exchanges to freeze suspicious deposits" and partnering with blockchain analysis firms Chainalysis and Crystal to track the stolen funds.
A spokesperson from the team told Decrypt in a chat on Atomic's Telegram channel that "some funds are blocked at some exchanges" but they couldn’t provide exact figures.
Today’s report did not disclose the total amount lost in the hack. On June 14, blockchain security firm Elliptic reported the hackers stole more than $100 million, up from the $35 million initially cited by pseudonymous blockchain sleuth ZachXBT. Elliptic’s June 14 report also noted that crypto worth $1 million was frozen across exchanges.
'Sorta Lazarus Group'
The Atomic Wallet team claims to have narrowed the potential causes to four possibilities, including "virus targeting on local users devices, infrastructure breach, malware code injection, or a man-in-the-middle attack."
While today’s report did not confirm the attacker's identity, security firms Elliptic and MistTrack have established links to the notorious North Korean hacking group Lazarus.
Speaking to Decrypt, an Atomic Wallet spokesperson would not confirm the North Korean group's involvement, while noting that, “some investigation agencies” had claimed that it was the work of “sorta Lazarus group."
According to Elliptic, Lazarus Group was caught converting the stolen tokens to Bitcoin before mixing them through Blender.io in a bid to launder the funds.
Further investigation from the sleuths revealed recently that the hackers were using multiple techniques to circumvent attempts to freeze the stolen funds.
Elliptic found that hackers had used sanctioned Russian crypto exchange Garantex to convert crypto to fiat.
MistTrack's latest report from June 20 also points to the use of decentralized bridges such as ThorChain and Swift Blockchain to convert stolen ETH to BTC.