At least USD 35 million in crypto assets have been stolen to Atomic Wallet users since June 2, according to an analysis by on-chain detective ZachXBT. The five largest losses represent USD 17 million.
According to Atomic Wallet on Twitter, the cause of the attack is being investigated. There have been reports of lost tokens, deletion of transaction histories, and even theft of entire cryptocurrency wallets.
An independent investigation by pseudonymous Twitter user ZachXBT, known for tracking down stolen funds and helping hacked projects, has found that the biggest victim lost $7.95 million worth of Tether (USDT). “I think it could be over $50 million. I keep finding more and more victims, sadly,” ZachXBT commented.
Atomic Wallet claims to have more than 5 million users worldwide. Cointelegraph spoke with a former Atomic client who is now a victim of the security incident. “I felt terrible because I am a cybersecurity expert by profession,” said Emre, a Turkish resident who lost almost $1 million in crypto assets received from bug bounty programs. The tokens stolen from him include Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), Ethereum (ETH), USDT, USD Coin (USDC), Binance Coin (BNB) and Polygon (MATIC).
“They say they are looking into it, but they don’t have anything concrete yet,” Emre continued. The funds held in Atomic Wallet were intended for the creation of a cybersecurity company in Turkey.
Atomic is a non-custodial decentralized wallet, which means that users are responsible for the assets stored in the app. As usual, your terms of service do not accept any responsibility for on-chain damages suffered by users. “Under no circumstances will Atomic Wallet be liable to you for damages arising from services that exceed $50,” an excerpt reads.
Update: The investigation is still ongoing in a joint effort with the leading security companies. The team is working on possible attack vectors. Nothing yet confirmed.
Support team is collecting victim addresses. Reached out to major exchanges and blockchain analytics companies…
— Atomic – Crypto Wallet (@AtomicWallet) June 4, 2023
So far, Atomic Wallet has provided little information to users. “Support team is collecting addresses of victims. Contacted major exchanges and blockchain analytics firms to track and block stolen funds,” Atomic’s team said in a June 4 tweet, their second official statement.
People who have contacted Atomic have been told order that answer more than 20 questions about internet providers, use of virtual private networks (VPN) and storage of seed phrases.
On Telegram community channels, some pointed out that the exploit might have originated via an outdated dependency package. Dependency packages describe the relationship between the activities that must be performed within a program, including the order in which they must be performed, and the libraries required to perform them.
The attack joins a growing list of hacks to steal cryptocurrency. The most recent cases include the $7.5 million Jimbos Protocol exploit and a malicious proposal that took over Tornado Cash governance in May. A Chainalysis Report esteem that in total hackers stole $3.8 billion worth of cryptocurrency last year, primarily through North Korea-linked attacks that breached various decentralized finance protocols.
Cointelegraph reached out to Atomic Wallet, but did not receive an immediate response.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.