A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT. The five most significant losses account for $17 million.
“Think it could surpass $50m. Keep finding more and more victims sadly,” said Twitter user ZachXBT, who is an on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects.
The biggest victim of the Atomic Wallet attack was an individual who reportedly lost $7.95 million in Tether.
Atomic Wallet is a crypto wallet that is used for buying, staking, and exchanging Bitcoin, Ethereum, XRP, Litecoin, USDT, and over 1000 other coins and tokens. The company claims it has over five million users worldwide.
Atomic Wallet investigating the attack
Atomic Wallet said on June 3 that it had received reports of compromised wallets and had begun investigating the issue.
“We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly,” Atomic Wallet said in a tweet.
The following day, the company said it is working with third-party security companies to investigate the incident and block the stolen funds from being sold on different crypto exchanges.
“At the moment less than 1% of our monthly active users have been affected/reported. The last drained transaction was confirmed over 40h ago,” the company said in an update tweet on June 5.
“Security investigation is ongoing. We report victim addresses to major exchanges & blockchain analytics to trace and block the stolen funds,” the company said in the tweet.
Meanwhile, the company is advising users to visit its website and sync their wallets with their private key or seed phrase. It is also asking users to forward their wallet addresses to various exchanges to recover and block stolen funds.
“We are partnering with exchanges to recover stolen funds. Please forward that address to a list of all the exchanges and make sure to explain the situation,” the company said on its Telegram channel and shared the list of exchanges along with their mailing addresses.
Atomic Wallet is a noncustodial, decentralised wallet. This means users are responsible for assets stored in the application. Its terms of service specify that it accepts no liability for on-chain damage users suffer.
Twitter users research and collaborate
The earliest recorded malicious transaction took place on June 2, 2023, at 21:45 UTC, according to security researcher Tray, who tweeted a short analysis of the attack.
In the on-chain drain, each token and the base asset are swept from the victim’s address to a new one. The hacker then swaps all the tokens for the base asset via Uniswap, SunSwap, etc., and finally sweeps that base asset balance to another new address, according to Tray.
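The sweep, swap, sweep pattern Tray describes can be followed mechanically when tracing a victim's funds. The sketch below is an added example, not code from Tray, ZachXBT or Atomic Wallet; the record layout, addresses, amounts and the definition of a "new" address (no earlier activity in the data set) are all assumptions made for illustration.

```python
# Added example: trace the sweep -> swap -> sweep chain from a victim address.
# Every address, amount and field name below is constructed for illustration.
BASE = "ETH"

EVENTS = [  # constructed sample records, not real chain data
    {"t": 0, "kind": "transfer", "src": "0xSHOP", "dst": "0xALICE", "asset": "ETH", "amt": 0.1},
    {"t": 1, "kind": "transfer", "src": "0xVICTIM", "dst": "0xHOP1", "asset": "USDT", "amt": 5000.0},
    {"t": 2, "kind": "transfer", "src": "0xVICTIM", "dst": "0xHOP1", "asset": "ETH", "amt": 1.5},
    {"t": 3, "kind": "swap", "src": "0xHOP1", "dst": "0xHOP1", "asset": "USDT", "amt": 5000.0,
     "out_asset": "ETH", "out_amt": 2.5},
    {"t": 4, "kind": "transfer", "src": "0xHOP1", "dst": "0xHOP2", "asset": "ETH", "amt": 3.99},
    {"t": 5, "kind": "transfer", "src": "0xALICE", "dst": "0xSHOP", "asset": "ETH", "amt": 0.2},
]

def first_seen(events, addr):
    """Earliest time an address appears as sender or receiver in the data set."""
    return min(e["t"] for e in events if addr in (e["src"], e["dst"]))

def is_fresh(events, addr, t):
    """Assumption: an address is 'new' if it has no activity before time t."""
    return first_seen(events, addr) >= t

def trace_drain(events, victim, base=BASE):
    """Return the drain chain starting at `victim`, or None if the pattern is absent."""
    events = sorted(events, key=lambda e: e["t"])
    out = [e for e in events if e["kind"] == "transfer" and e["src"] == victim]
    for hop1 in sorted({e["dst"] for e in out}):
        sweep = [e for e in out if e["dst"] == hop1]
        t0 = sweep[0]["t"]
        if not is_fresh(events, hop1, t0):
            continue  # step 1 requires a sweep into a previously unused address
        tokens = {e["asset"] for e in sweep} - {base}
        swapped = {e["asset"] for e in events if e["kind"] == "swap"
                   and e["src"] == hop1 and e["out_asset"] == base and e["t"] > t0}
        if not tokens <= swapped:
            continue  # step 2 requires every swept token to be swapped for the base asset
        for e in events:  # step 3: base asset swept on to another fresh address
            if (e["kind"] == "transfer" and e["src"] == hop1 and e["asset"] == base
                    and e["t"] > t0 and is_fresh(events, e["dst"], e["t"])):
                return {"hop1": hop1, "tokens_swapped": sorted(tokens),
                        "hop2": e["dst"], "base_amt": e["amt"]}
    return None

if __name__ == "__main__":
    print(trace_drain(EVENTS, "0xVICTIM"))
```

The second hop address is the one worth reporting to exchanges and analytics providers, since it holds the consolidated base asset.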
ZachXBT also claimed in a tweet to have rescued $1 million for one of the Atomic Wallet victims. “A huge shoutout goes to @buffalu__, @brian_smith_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims,” ZachXBT tweeted.