North Korean Lazarus Group Linked to Coinspaid, Atomic Wallet, and Harmony Hacks

Investigators discovered a link between North Korea’s Lazarus Group and the Coinspaid, Atomic Wallet, and Harmony hacks.

  • New evidence emerges linking the Coinspaid, Atomic Wallet, and Harmony hacks.
  • The perpetrators are suspected to be the infamous Lazarus Group.
  • Earlier investigations linked the Atomic Wallet hack to the Lazarus Group.

In the emerging crypto space, hacks are becoming an unfortunate but permanent issue. However, blockchain transparency enables independent investigators to go after the suspected hackers. Recently, on-chain sleuths made a startling discovery, linking the notorious Lazarus Group to a series of hacks involving Coinspaid, Atomic Wallet, and Harmony. 

Coinspaid, Atomic Wallet, and Harmony All Linked to Lazarus

On Thursday, August 3, on-chain investigators who go by @tayvano_ and @zachxbt revealed a link between the funds stolen in the Coinspaid, Atomic Wallet, and Harmony hacks.

They traced these funds to approximately $8.5 million across more than 300 addresses on three different chains. As a result of their investigation, they identified the infamous North Korean Lazarus Group as the potential orchestrator of these breaches. The total losses from these hacks are estimated to be over $290 million. 

The Atomic Wallet Hack and North Korea’s Suspected Involvement

On June 3, the Atomic Wallet was exploited, losing over $35 million in cryptocurrency. This hack sent shockwaves through the crypto community, with suspicions pointing towards the notorious North Korean hackers, the Lazarus Group. 

Just three days after the hack, blockchain intelligence firm Elliptic claimed that the Atomic Wallet hack could be the doing of Lazarus. Independent crypto investigator ZachXBT corroborated these claims, stating that North Korean hackers were likely responsible for the breach.

On-chain data showed that hackers used a crypto mixer known to be favored by North Korea’s most notorious cyber-hacking group. Moreover, Elliptic noted that hackers followed a “series of steps that exactly match those employed to launder the proceeds of past hacks perpetrated by Lazarus Group.”

The Lazarus Group, also known as the Guardians of Peace or Whois Team, is a cybercrime group that allegedly answers to the government of North Korea. The group is responsible for sophisticated cyber-attacks, including the 2014 Sony Pictures hack and the WannaCry ransomware attack in 2017. 

In recent years, Lazarus has turned its attention to crypto, with several reports linking them to large-scale cryptocurrency heists. The group is known for its advanced techniques and the use of crypto mixers to obfuscate the trail of stolen assets, making it harder for investigators to track the stolen funds.

On the Flipside

  • While the Lazarus Group’s potential involvement in these hacks is alarming, it’s important to note that there is no definitive evidence that Lazarus was behind the attack. Its procedures and techniques are matters of public knowledge, meaning that copycats could just as well be behind the hack.
  • Following the hack, unscrupulous scammers were looking to victimize Atomic Wallet owners again. Luring them with fake refunds, scammers tried to get the funds the hackers couldn’t.

Why This Matters

For crypto traders, understanding the security landscape is crucial. The revelation of the Lazarus Group’s involvement in these hacks serves as a stark reminder of the potential risks involved in crypto trading.

Author
David Marsanic