Elliptic assesses with high confidence that North Korea’s Lazarus Group was responsible for the theft of at least $35 million in cryptoassets from Atomic Wallet users. The attribution is based on laundering behavior that closely matches prior Lazarus thefts, use of services such as the Sinbad mixer, and possible co-mingling with wallets holding proceeds from earlier Lazarus-linked hacks. Elliptic identified many victim wallets and said exchanges and crypto businesses can trace deposits originating from the hack, which would be Lazarus Group’s first major publicly attributed crypto theft since the 2022 Horizon Bridge exploit.