Over $35 million of users’ crypto assets have vanished from the self-custodial and decentralized Atomic Wallet. The company recently acknowledged a security breach and assured its users that it is investigating the apparent vulnerability.
A wave of Twitter accounts shared reports of their wallets being emptied of funds, causing a ripple of concern across the Crypto Twitter community.
With over 5 million downloads, Atomic Wallet has gained significant popularity. Initially introduced in 2017 under the name Atomic Swap, it was spearheaded by CEO Konstantin Gladych, who also holds the CEO position at Changelly.com.
On Sunday, Atomic Wallet addressed the situation, saying it could not determine the exact methods used in the attacks. However, the team behind Atomic Wallet assured users that they are actively collaborating with “leading security companies” to conduct a thorough investigation.
We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly.
For any questions and concerns, contact [email protected]
— Atomic – Crypto Wallet (@AtomicWallet) June 3, 2023
Additionally, the wallet provider has reached out to relevant organizations, such as analytics firms and exchanges, to facilitate the tracking of the stolen funds.
While several Twitter accounts reported being unaffected by the exploit and successfully transferring their funds to another wallet before any damage occurred, many others expressed dismay at losing all the cryptocurrency they had stored in Atomic Wallet.
Individuals who have reached out to Atomic Wallet as victims of the incident reported being bombarded with inquiries about their internet service providers, their usage of virtual private networks and how they stored their seed phrases.
Atomic Wallet asserted the security of its product by emphasizing that it did not possess sensitive data such as users’ private keys, which were securely encrypted and stored on individuals’ devices.
Help from investigator ZachXBT
As of Sunday, the pseudonymous blockchain investigator ZachXBT had identified stolen funds totaling over $35 million. Among the victims, one individual reportedly suffered a loss of nearly $8 million worth of the stablecoin Tether due to the incident.
At the time of writing, the ERC-20 token AWC from Atomic Wallet experienced a significant decline of over 13 percent within the past 24 hours, as observed on decentralized exchange Uniswap. Its current price stands at $0.22, marking a decrease of more than 96 percent from its all-time high of $7.26, reached in May 2021.
According to ZachXBT, the five largest losses account for nearly half of the stolen funds identified so far.
Update: A new largest victim was found on Tron with 7.95M USDT stolen,
The five biggest losses account for $17M.
My graph has now surpassed $35M in total stolen. pic.twitter.com/eqfXkm9vlL
— ZachXBT (@zachxbt) June 4, 2023
Recent attacks
This recent hack adds to the growing number of crypto breaches that have occurred in recent times. For instance, the $7.5 million exploit of the Jimbos Protocol and the malicious proposal resulted in the takeover of Tornado Cash’s governance in May.
A Chainalysis report highlights the alarming $3.8 billion stolen by crypto hackers in 2022. These attacks primarily targeted decentralized finance protocols and were linked to North Korean actors.
A huge shoutout goes to @buffalu__ @brian_smith_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims.
— ZachXBT (@zachxbt) June 4, 2023
In recent years, the cryptocurrency industry has witnessed a surge in attacks, surpassing the levels seen in previous periods. A report by Immunefi sheds light on the escalating threat landscape, revealing that during the first fiscal quarter of 2023, $440 million was stolen across 73 incidents. These incidents predominantly involved hacks, constituting approximately 95 percent of the total funds lost.
ZachXBT, working in collaboration with Buffalo, the pseudonymous CEO of Jito Labs, and an employee from an MEV infrastructure company, managed to recover $1 million worth of funds.
Recognizing the sensitivity of their approach, Buffalo refrains from revealing their methodology. Nevertheless, they express optimism that their solution could potentially assist other victims in retrieving their stolen assets.