The Atomic Wallet Hack
The security community is currently investigating a significant security breach that has resulted in substantial losses for users of Atomic Wallet. Reports have emerged of stolen tokens, erased transaction data, and even complete loss of crypto portfolios.
Investigation into the Attack
Since June 2, Atomic Wallet users have suffered losses exceeding $35 million, as revealed by an analysis conducted by on-chain investigator ZachXBT. The five largest losses alone account for a staggering $17 million. Atomic Wallet has acknowledged the attack on Twitter and is actively investigating its cause. The reports indicate that tokens have been lost, transaction histories have been erased, and entire crypto portfolios have been stolen.
According to ZachXBT, an independent investigator renowned for tracing stolen crypto funds and assisting hacked projects, the largest individual victim has lost $7.95 million in Tether (USDT). ZachXBT expressed concern that the overall losses could potentially surpass $50 million, as more victims are being discovered. This is a distressing situation for the affected individuals and the wider crypto community.
Victims Speak Out
Atomic Wallet boasts a user base of over 5 million individuals worldwide. Cointelegraph spoke with one long-time client of Atomic Wallet who fell victim to this security breach. Emre, a cybersecurity expert from Turkey, expressed deep regret over the incident, given his professional background.
He lost nearly $1 million in crypto assets, which he had received through bug bounty programs. Among the stolen tokens were Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), Ethereum (ETH), USDT, USD Coin (USDC), Binance Coin (BNB), and Polygon (MATIC). Emre revealed that the funds were intended for establishing a cybersecurity firm in Turkey.
Atomic Wallet has acknowledged the situation but has not provided substantial information to affected users thus far. Emre stated that the support team is collecting victim addresses and has reached out to major exchanges and blockchain analytics companies to trace and block the stolen funds. However, there is currently no concrete resolution in place.
Atomic Wallet’s Liability and Terms of Service
Atomic Wallet operates as a noncustodial-decentralized wallet, which means that users are solely responsible for the assets stored within the application. As per the wallet’s Terms of Service, Atomic Wallet does not accept any liability for damages incurred on the blockchain by its users. One excerpt explicitly states, “Under no circumstances will Atomic Wallet be liable to you for damages arising out of the services exceeding $50.” This clause may potentially raise concerns for those affected by the hack.
Limited Communication and Security Measures
Atomic Wallet has been relatively tight-lipped about the incident, providing minimal updates to affected users. In a tweet on June 4, their team mentioned that the support team is collecting victim addresses and has sought assistance from major exchanges and blockchain analytics firms. This is the second official communication issued by Atomic Wallet since the breach occurred.
Individuals reaching out to Atomic Wallet have been asked to answer a series of more than 20 questions regarding their internet service providers, usage of virtual private networks (VPNs), and storage methods for seed phrases. This suggests that Atomic Wallet is actively gathering information to aid in their investigation.
Possible Exploit and the Growing Trend of Crypto Hacks
Within Telegram’s community channels, some members have speculated that the exploit might have originated from an outdated dependency package. Dependency packages define the relationships and order of activities within a program, including the necessary libraries for executing these activities.
The Atomic Wallet hack adds to the increasing list of crypto-related security breaches. Recent incidents include the $7.5 million exploit of Jimbos Protocol and a malicious proposal that compromised Tornado Cash’s governance in May. According to a Chainalysis report, crypto hackers stole an estimated $3.8 billion last year, predominantly through attacks linked to decentralized finance protocols, often associated with North Korea.
Seeking Answers
Despite our attempts to contact Atomic Wallet, we have not received an immediate response. The affected individuals and the wider crypto community eagerly await further updates and clarification from Atomic Wallet regarding the incident, the ongoing investigation, and potential compensation for the victims.
