Atomic Wallet hack leads to at least $35M in stolen crypto assets

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent  on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million. 

“Think it could surpass $50m. Keep finding more and more victims sadly,” said  ZachXBT, in a tweet.

The biggest victim of the Atomic Wallet was an individual who reportedly lost $7.95 million in the cryptocurrency tether. 

Atomic Wallet is a crypto wallet that is used for buying, staking, and exchanging bitcoin, ethereum, XRP, litecoin, USDT, and over 1,000 other coins and tokens. The company claims it has over five million users worldwide.

Atomic Wallet investigating the attack

Atomic Wallet said on June 3 that it had received reports of compromised wallets and had begun investigating the issue.

“We have received reports of wallets being compromised. We are doing all we can to investigate and analyze the situation. As we have more information, we will share it accordingly,” Atomic Wallet said in a tweet. 

The following day, the company said it was working with third-party security companies to investigate the incident and block the stolen funds from being sold on different crypto exchanges.

“At the moment less than 1% of our monthly active users have been affected/reported. The last drained transaction was confirmed over 40h ago,” the company said in an update tweet on June 5. 

“Security investigation is ongoing. We report victim addresses to major exchanges & blockchain analytics to trace and block the stolen funds,” the company said in the tweet. 

Meanwhile, the company is advising users to visit its website and sync their wallets with their private key or seed phrase. It is also asking users to forward their wallet addresses to various exchanges to recover and block stolen funds. 

“We are partnering with exchanges to recover stolen funds. Please forward that address to a list of all the exchanges and make sure to explain the situation,” the company said on its Telegram channel and shared the list of exchanges along with their mailing addresses.

Atomic Wallet is a noncustodial, decentralized wallet. This means users are responsible for assets stored in the application. Its terms of service specify that it accepts no liability for on-chain damage users suffer.

Twitter users research and collaborate 

The earliest recorded malicious transaction date was June 2 2023 at 21:45 UTC, according to an independent security researcher, Tay, who tweeted a short analysis of the attack. 

In the on-chain drain, each token and the base asset was swept from the victim’s address to a new one. The hacker then swaps all the tokens for the base asset via applicati9ons such as Uniswap or SunSwap. Then the hacker sweeps that base asset balance to another new address, according to Tay.

In a tweet, ZachXBT claims to have rescued $1 million from the atomic wallet for one of the victims. “A huge shoutout goes to @buffalu__, @brian_smith_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims,” ZachXBT tweeted.