Atomic Wallet hack losses exceed $35 million

Users of the decentralized Atomic Wallet wallet lost at least $35 million in digital assets as a result of the hack, according to an on-chain researcher going by the nickname ZachXBT.

Update: A new largest victim was found on Tron with 7.95M USDT stolen,

The five biggest losses account for $17M.

My graph has now surpassed $35M in total stolen. pic.twitter.com/eqfXkm9vlL

— ZachXBT (@zachxbt) June 4, 2023

The five largest losses total $17 million, with one of these victims having $7.95 million stolen.

According to the expert, the losses to victims could exceed $50 million as he continues to identify more victims.

“We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation,” the Atomic Wallet team wrote.

According to the developers, the last unauthorized transaction was recorded on June 3; the incident affected less than 1% of monthly active users. The app serves more than 5 million users.

We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly.

For any questions and concerns, contact support@atomicwallet.io

— Atomic — Crypto Wallet (@AtomicWallet) June 3, 2023

According to the Atomic Wallet team, they have provided the addresses of affected users to leading exchanges and blockchain-analytics firms to assist the investigation.

SlowMist has joined the tracking of the stolen funds and urged affected users to fill out a form so that specialists could begin tracing the assets.

If you were a victim of the @AtomicWallet hack, we kindly request you to fill out the form below, so we can assist you in the recovery process: https://t.co/solekNMTOl

— SlowMist (@SlowMist_Team) June 4, 2023

ZachXBT also asked for data to be sent to him. The researcher said he managed to secure $1 million for one of the victims. He did not disclose further details, except for the help from the founders of the MEV-project Jito Labs on Solana.

A huge shoutout goes to @buffalu__ @brian_smith_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims.

— ZachXBT (@zachxbt) June 4, 2023

Experts noted that, in the wake of the incident on Twitter, scammers have been sending phishing messages about refunds to victims of the hack.

Be careful phishing scammers have already started spamming fake Atomic Wallet refund tweets on Twitter to prey on desperate victims. pic.twitter.com/ZuhJpGg5Eu

— ZachXBT (@zachxbt) June 3, 2023

Despite Atomic Wallet’s claim that the attack had ceased, ZachXBT recommended that users withdraw their assets from the application.

Atomic Wallet — non-custodial wallet, which implies self-custody of private keys.

In the terms of service of the application, it states:

“Under no circumstances shall Atomic Wallet be liable to you for: […] any unauthorized use of your wallet address and/or private key arising from your failure to maintain confidentiality”.

One commenter drew attention to the audit of Atomic Wallet by the security firm Least Authority. In February 2022 the firm asked the wallet team to bring the app code into line with the recommendations and requirements of the April 2021 report.

“We identified several security-critical issues that leave current Atomic Wallet users vulnerable to a range of attacks that could lead to a total loss of user funds. In particular we found that users’ funds were at heightened risk due to the current usage and implementation of cryptography,” Least Authority said.

Experts strongly recommended notifying Atomic Wallet’s customers about the issues and suspending the use of the wallet.

⚠️ Can you explain this, security disclosure since 2021!!
I’M OUT❗❗ ⚠️https://t.co/DWO9qTV0Wq

— Lee maddeys (@MaddeysLee) June 5, 2023

In May, DeFi projects lost $19.69 million in exploits, and losses from rug-pull schemes more than doubled that figure to $45 million.