Lazarus Possibly Behind Hacks On Atomic Wallet, Alphapo, Coinspaid

  • On-chain sleuths linked transactions between addresses involved in major exploits and wallets allegedly controlled by DPRK’s Lazarus group.
  • ZachXBT’s analysis of the hacks on payment providers Alphapo and Coinspaid points to the infamous North Korean cybercrime organization.
  • Losses from the hacks on decentralized wallet Atomic Wallet and Alphapo exceed $160 million combined.
  • Coinspaid suspended withdrawals citing a “technical issue” around the same time hackers attacked Alphapo.

Out of the ROK, Lazarus comes forth!

The notorious cybercrime group from North Korea could be behind a recent string of hacks on decentralized wallet provider Atomic Wallet and exploits on payment providers Alphapo and Coinspaid.

On-chain data pieced together by crypto sleuth @onchainsnoop, and cited by blockchain security firm SlowMist, shows transactions between a pool of wallets involved in the three incidents.

Popular on-chain investigator ZachXBT said the DPRK’s “Guardians of Peace” are most likely behind Atomic Wallet’s $100 million hack.

On July 25, attackers believed to be Lazarus drained at least $60 million in crypto from Alphapo hot wallets. Alphapo processed payments for crypto casinos like Ignition and Bovada. Coinspaid, another payments provider purportedly tied to Alphapo, halted withdrawals around the same time. The operator claims to have processed 19 billion euros in transactions.

The Coinspaid team cited “technical issues” as the reason for the halt and told users to await an official announcement.

Lazarus Effect

The Lazarus group is tied to several high-profile hacks in decentralized finance and crypto. On-chain analysts have attributed exploits like the $600 million Ronin bridge hack and the $100 million Harmony bridge exploit to the DPRK-linked organization.

The U.S. Treasury Department sanctioned Tornado Cash due to suspicions that Lazarus used the crypto mixer to launder hundreds of millions of stolen digital currencies.

Lazarus is also reportedly connected to a network of terrorist financing rings in Russia and across the globe.