Atomic Wallet hacker sends funds to the Sinbad crypto mixer
Previously, this service was actively used by North Korean hackers from the Lazarus Group
06.06.2023 - 11:20
888
2 min
0
Elliptic’s Investigations Team has traced funds from the $35 million Atomic Wallet hack to Sinbad.io, a mixer used to launder over $100 million in cryptoassets stolen by North Korea’s Lazarus Group.
Over $35 million has reportedly been stolen from users of Atomic Wallet, a non-custodial cryptocurrency wallet service with five million users worldwide. In a June 3rd tweet, the service acknowledged reports of compromised wallets, before confirming that “less than 1%” of users had been impacted.
At Elliptic, we have identified a large number of impacted wallets, meaning that the stolen funds can be traced in our software. Exchanges and other crypto businesses using Elliptic’s tools will be alerted if they receive proceeds of the theft. We continue to collaborate with Atomic Wallet and others to identify the stolen funds.
Elliptic’s Investigations Team is also following the transaction trail, and has determined that the stolen funds are being swapped for Bitcoin, before being laundered through the Sinbad.io mixer.
Previous Elliptic research revealed that Sinbad has been used intensively to launder over $100 million in proceeds of hacks perpetrated by North Korea’s Lazarus Group. This includes assets from the $540 million Axie Infinity hack and $100 million Horizon Bridge attack.
Elliptic’s analysis also suggests that Sinbad.io is likely to be a re-branded version of Blender.io, another mixer heavily used to launder Lazarus Group funds. Blender was the first such service to be sanctioned by the US Department of the Treasury, due to its use by North Korea.
Elliptic will continue to monitor the and update our system with new information on stolen funds.
This material is taken from the website https://hub.elliptic.co.
Useful material?
Telegram 
Twitter Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Incidents
According to Blockaid, the attack may have been carried out by the same hacker behind the 1inch Fusion V1 exploit.
May 7, 2026
Incidents
The attacker gained administrative access and altered contracts to drain user funds
Apr 30, 2026
Cryptocurrency rates
-
Bitcoin
$63 784
BTC
-4.67%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.19
XRP
-2.77%
-
Dogecoin
$0.090093
DOGE
-3.16%
-
TRON
$0.160134
TRX
-1.59%
-
Zcash
$594.57
ZEC
-3.9%
-
Cardano
$0.1971
ADA
-7.28%
-
Stellar XLM
$0.210432
XLM
-5.97%
-
Polkadot
$3.32
DOT
+5.27%