Atomic Wallet Hacked, $35 Million in Losses

A recent cyberattack on Atomic Wallet, a popular crypto wallet provider, has resulted in the theft of at least $35 million worth of cryptocurrency assets since 2 June 2023, according to an independent investigation conducted by pseudonymous Twitter user ZachXBT.

The investigation identified the five largest losses, amounting to $17 million, caused by the attack. The largest victim reported a loss of $7.95 million in Tether funds held in Atomic Wallet.

Reports from the victims indicate that not only were tokens lost, but transaction histories were also erased in some cases, with entire crypto portfolios being stolen.

The stolen tokens included:

• Bitcoin (BTC)
• Ethereum (ETH)
• Tether (USDT)
• Dogecoin (DOGE)
• Litecoin (LTC)
• BNB Coin (BNB)
• Polygon (MATIC)
• Tron-based USDT.

ZachXBT’s analysis of on-chain data showed that the largest stolen stash belonged to a victim with Tron-based USDT funds, which were drained, resulting in a significant loss.

An on-going investigation

Atomic Wallet is a non-custodial decentralised wallet, meaning that users are responsible for the security of their assets stored in the application.

However, Atomic Wallet’s Terms of Service do not accept liability for on-chain damages suffered by users. 

The firm is actively investigating and analysing the attack but has not yet released specific details regarding the nature of the attacks.

The investigation is ongoing, with leading security companies working together to determine possible attack vectors.

Victims have taken to Atomic Wallet’s official Telegram channel to share their experiences and seek assistance.

The breach has highlighted the need for enhanced cybersecurity measures and has prompted Atomic Wallet to collaborate with third-party security companies to investigate the incident and block stolen funds. 

Some people in Telegram’s community channels said that the exploit might have come from an old dependency package.

Dependency packages show how activities in a program are related to each other, including the order in which they should be done and the libraries that are needed to do these activities.

Less than 1% of monthly active users impacted

As of Monday, June 5, Atomic Wallet stated that “less than 1% of monthly active users” were impacted by the breach, which occurred over the weekend. 

Atomic Wallet has asked victims to submit information through a Google Docs form in order to conduct further investigations.

Users have reported having their crypto stolen after updating the software to the latest version. Even so, there were also those impacted who had not yet updated their software to the latest version.

The wallet company advises users to visit their website to sync their wallets and safeguard their private key seed phrase.

They are also asking users to forward wallet addresses used on various exchanges to aid in the recovery process and block the stolen funds.

Meanwhile, data provided by ZachXBT shows that the earliest recorded malicious transaction related to the hack dates back to June 2, 2023, at 21:45 UTC.

Where are the funds going?

As of June 5, blockchain compliance analytics firm Elliptic reported that the funds stolen in the Atomic Wallet hack were transferred to a crypto mixer commonly favoured by North Korea’s Lazarus Group.

Elliptic did not provide specific details about the amount sent to the mixer but noted that the loot was likely swapped for Bitcoin to obfuscate its origin, shedding light on the findings.

Atomic Wallet’s Chief Marketing Officer, Roland Säde, suggested that victims track illicit transfers and report them to popular crypto exchanges to prevent scammers from exchanging the stolen funds. However, it may already be too late for many victims, given Elliptic’s latest revelations.

The Atomic Wallet hack serves as a reminder of the ongoing cybersecurity challenges faced by the crypto industry. It emphasises the importance of implementing robust security measures to safeguard users’ assets.

Looking to improve your crypto security? Read our essential security tips.