Atomic Wallet Hacker Funnels Stolen Crypto to North Korea-Tied Coin Mixer: Elliptic

CryptoPotato

The stolen funds from the Atomic Wallet hack have been traced to a coin mixer used to launder crypto assets swiped by North Korea’s notorious Lazarus Group. Nearly $35 million worth of crypto assets have been drained from users of the centralized wallet service since June 2.

According to the investigation team at Elliptic, the stolen funds are being swapped for Bitcoin before being laundered through ‘Sinbad.io.’

North Korean Ties

Sinbad.io mixer has been used to launder more than $100 million in proceeds of exploits pulled off by North Korea’s Lazarus Group. This includes assets from the $540 million Axie Infinity hack as well as the $100 million Horizon Bridge attack.

The blockchain compliance analytics firm said its investigation indicates that Sinbad.io is likely to be a re-branded version of Blender.io, another mixer heavily used to launder Lazarus Group funds. Interestingly, Blender was the first such service, tied to the Democratic People’s Republic of Korea, to be sanctioned by the US Department of the Treasury last May.

Atomic Wallet had previously confirmed that it was conducting security investigations and tracking the movement of funds. However, going by Elliptic’s findings, it is unlikely that the wallet service provider will be able to prevent the attackers from exchanging funds.

Contradicting Claims

In a statement earlier this week, Atomic Wallet said less than 1% of its monthly active users were affected by the exploit, but the community disputed the claims. While several users have reported tokens being lost and transaction data being erased, others lamented that their entire crypto portfolios were wiped out.

The service describes itself as a cold wallet-style service, in which all passwords and data are stored on the user’s device instead of a server. Such a system reduces risks associated with custody or the possibility of losing funds through centralized services. However, the latest exploit highlights the intricacies of security vulnerabilities that come with cold wallet-style storage.

Atomic Wallet said it had teamed up with major exchanges and blockchain analytics firms to trace and block the stolen funds but has not specified whether law enforcement has been brought in. The platform has also failed to determine the root cause of the exploit.

Furthermore, details of compensation plans have not been revealed yet.
