On June 13, the administration of the non-custodial wallet Atomic Wallet was sent summons for questioning from law enforcement agencies of Kazakhstan. This was reported to Cryplogger by a representative of Match Systems, which is conducting its own investigation into the case.
In addition, law enforcement officers requested server logs – an activity log that records all user actions on the site.
“To date, they have not been provided to any of the victims or analytics companies investigating the incident from the side of the victims,” said Joseph Anderson, head of investigations at Match Systems, in a comment to Cryplogger.
He also said that there is a conflict of interest between the management of Atomic Wallet and the affected users related to the non-custodian’s refusal to provide information about the functioning of the wallet.
“The service was positioned as a cold wallet, but for some reason it kept all the private keys on its side,” Anderson added.
Match System is currently handling cases of affected Atomic Wallet users totaling $14 million.
Earlier in a comment RBC company representatives said that the developers of the wallet do not contribute to the investigation of the theft and refuse to provide any details of the technical side of the incident. This does not allow for an independent assessment of the hack, according to the Match System.
On June 8, representatives of Atomic Wallet announced a joint investigation with Chainalysis, an analytics company. The team said that “less than 1%” of the monthly active users of the service were affected by the hack, and the attack itself was stopped on Saturday, June 3. IN answer To this, users on Twitter posted screenshots showing that their funds were stolen even after the specified time.
Atomic Wallet has previously been criticized for its lack of action on vulnerabilities identified during the wallet audit.
Fuck you @AtomicWallet
Fuck you @gladkos
Fuck you @Changelly_team
Your security posture sucks, you refuse to listen to people, you aggressively silence people, and your products and services facilitate theft on a daily basis and have for years.https://t.co/lkpmDauNLO
— Tay 💖 (@tayvano_) June 3, 2023
“Identified security flaws mean that Atomic Wallet likely “inadvertently stored” users’ private keys that are used to access wallet funds,” wrote cybersecurity researcher and MyEtherWallet developer Taylor Monahan.
The auditing company Least Authority at the time statedthat “the Atomic Wallet system is not well thought out in terms of security and exposes wallet users to significant risk.”
As a reminder, starting June 2, several user accounts of the non-custodial wallet Atomic Wallet were compromised, which led to the loss of digital assets in the amount of up to $35 million.
Subsequently, the stolen funds passed through the Sinbad.io mixer and the Russian bitcoin exchange Garantex, which is under US sanctions.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!