Reading 3 min Views 3 Published Updated
At least $35 million worth of cryptocurrency assets have been stolen from Atomic Wallet users since June 2, according to an analysis by web sleuth ZachXBT. The top five losses account for $17 million.
According to Atomic Wallet on Twitter, the cause of the attack is being investigated. There have been reports of lost tokens, deletion of transaction history, and even the theft of entire portfolios of cryptocurrencies.
An independent investigation conducted under the pseudonym ZachXBT on Twitter, known for tracking stolen crypto funds and helping hacked projects, found that the largest victim lost $7.95 million in Tether (USDT). “I think it could go over $50 million. Unfortunately, keep finding more and more victims,” commented ZachXBT.
Atomic Wallet claims to have over 5 million users worldwide. Cointelegraph spoke to a longtime Atomic client who has now been the victim of a security breach. “I felt terrible because I am a cybersecurity expert by profession,” said Emre, a Turkish resident who lost nearly $1 million in crypto assets from bug bounty programs. His stolen tokens include Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), Ethereum (ETH), USDT, USD Coin (USDC), Binance Coin (BNB), and Polygon (MATIC).
“They say they’re looking into it, but there’s nothing concrete yet,” Emre continued. The funds held in the Atomic Wallet were for the creation of a cybersecurity firm in Turkey.
Atomic is a non-custodial decentralized wallet, which means that users are responsible for the assets stored in the app. As usual, its Terms of Service does not take any responsibility for losses incurred by users on the network. “Under no circumstances will Atomic Wallet be liable to you for damages resulting from the services in excess of $50,” reads one excerpt.
Update: The investigation is still ongoing in a joint effort with the leading security companies. The team is working on possible attack vectors. Nothing yet confirmed.
Support team is collecting victim addresses. Reached out to major exchanges and blockchain analytics companies…
— Atomic-cryptocurrency Wallet (@AtomicWallet) June 4, 2023
So far, Atomic Wallet has provided little information to users. “The support team is collecting the addresses of the victims. Contacted major exchanges and blockchain analytics companies to trace and lock up stolen funds,” the Atomic team said in a June 4 tweet, its second official announcement.
Those who contacted Atomic were asked to answer more than 20 questions about ISPs, using virtual private networks (VPNs), and storing seed phrases.
In the Telegram community channels, some have pointed out that the exploit may have been created due to an outdated dependency package. Dependency packages describe the relationship between the activities that must be performed in a program, including the order in which they must be performed and the Libraries required to perform those activities.
The attack joins a growing list of cryptocurrency hacks. The most recent cases include the $7.5 million Jimbos Protocol exploit and the malicious offering that took over Tornado Cash in May. Cryptocurrency hackers stole $3.8 billion last year, mostly as a result of North Korea-related attacks using decentralized finance protocols, according to a Chainalysis report.
Cointelegraph reached out to Atomic Wallet but received no immediate response.