Crypto wallet creator Atomic Wallet reported a massive hack on June 3, after getting reports about hacked crypto wallets. Atomic published on Twitter that it has launched an extensive investigation into this hacking incident, adding it would share a lot more relevant information accordingly.
Many users have confirmed losses of crypto losses, alleging that funds held on the Atomic Wallet app disappeared.
Atomic Wallet was allegedly exploited, with some of the users stating that all their portfolios were wiped out. Notably, Atomic is a noncustodial decentralized wallet. That means users are Responsible for assets that are stored in the application.
A day after the hack, pseudonymous on-chain researcher ZachXBT said that according to his in-depth findings, the total amount of crypto funds that was stolen from Atomic wallets surpassed $35 million. The biggest victim of the hack was reported on the Tron blockchain, who lost 7.95 million USDT in the attack.
The five biggest targets account for about $17 million in stolen funds, as mentioned by ZachXBT.
In that context, the Atomic team tweeted on June 3:
“We have received reports of wallets being compromised. We are doing all we can to investigate and analyze the situation. As we have more information, we will share it accordingly.”
Many users commented on the post reporting their losses, alleging that funds were taken from the digital wallet app. ZachXBT is famous for tracing stolen funds and helping hacked projects and is now actively participating in the investigation. For now, it is not known how the attack was executed with Atomic claiming to have more than 5 million clients.
God damn, All of my hard working money has been vanished from atomic wallet only!!!! This is your responsibility to secure the funds, What will happened to our funds? please do not copy paste anything here! just give all clear answer, Many users are faced with this today!!
— Tom (@Christomos03) June 3, 2023
Related: Who Is ZachXBT?
Several users said on Twitter that funds on the Atomic Wallet app have been stolen previously. One user wrote while responding to the post:
“This happened to my BTC 6 months ago with Atomic. They simply replied to protect your pw, seed phrase, blah blah… I told them NOT even possible! All I do is use U to exchange and then move crypto out. My response to them, I will use U no MORE then! Now I was right!”
The hack joins a growing list of crypto attacks happening nearly every week. On May 28, the decentralized finance (DeFi) app Jimbo’s Protocol was exploited, resulting in a notable loss of 4,000 Ether (ETH) world about $7.5 million.
Tornado Cash, a decentralized cryptocurrency mixer, was hacked on May 20. A hacker managed to grant 1.2 million votes to a malicious proposal, gaining total control of the protocol’s governance.
Criminals stole about $3.8 billion in 2022, mostly through North Korea-linked attackers who mostly targeted DeFi protocols, as highlighted in a Chainalysis report. Another review from TRM Labs showed that despite the number of incidents recorded in Q1 2023 remaining the same, the average hack size reduced to $10.5 million from about $30 million in Q1 2022.
Sadly, this slowdown seems temporary instead of a long-term trend according to TRM Labs. TRM Labs also insisted that just several large-scale attacks may tip the scales once more.
Atomic Wallet Insists Hack Affected 1% Of Users But Investors Refute
In the wake of this attack, Atomic Wallet and several individual blockchain investigators have ramped up their efforts to track and recover the stolen funds.
This attacker is said to have made away with $35 million since June 2 affecting around 1% of Atomic Wallet’s monthly active users, as mentioned by the company.
Aiming to cash in on this flurry of activities, several verified scam Twitter accounts impersonated Atomic Wallet and shared phishing links alleging to help users recover lost funds.
ZachXBT claimed to have helped a victim recover $1 million of lost funds previously. But, the recovery process is still undisclosed, which ZachXBT supposedly “Will share in time but best not to yet.”
A huge shoutout goes to @buffalu__ @brian_smith_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims.
— ZachXBT (@zachxbt) June 4, 2023
Despite Atomic’s announcement, a majority of the users were still reporting a loss of funds. Moreover, the community rebuked the firm’s attempt to downplay the damage caused by this attack, as one user said:
“% doesn’t matter, hacker intend to focus on big fund wallet only.”
This incident highlights the importance of researching the right service provider when it comes to the security and safe storage of crypto assets. Furthermore, it questions the “not your keys, not your coins” narrative pushed by many crypto wallet providers like Atomic Wallet.
ZachXBT’s investigation discovered that the biggest amount lost by one Atomic Wallet was $7.95 million in Tether and it happened on the Tron blockchain. On June 4, a criminal hijacked the mobile phone owned by pro-XRP lawyer, John Deaton. Deaton’s Twitter account was exploited in the shilling of LAW tokens.
🚨John Deaton’s phone has been hacked today after a relentless cyberattack over several days.
This is NOT a legitimate tweet. His account has been taken over. He has taken immediate steps to remedy the situation.
Please disregard it and all communications from it until you… https://t.co/anOjGBloEi
— CryptoLaw (@CryptoLawUS) June 3, 2023
Moments after that tweet, Deaton and the accounts that represent him warned followers and users about the hack and were advised against investing in the crypto.
Related: How To Secure Your Crypto Wallet Against Hacks
Atomic Wallet is now collecting as much information as possible from all victims, asking what operating systems they use, where they downloaded the software, what they did before their crypto was stolen, and where they stored their backup phrases.
Victims are also encouraged to support more information on a Google Docs form that was set up to investigate the hacking. Some users report that their funds were stolen after a recent software update. Others [1, 2, 3, 4] insisted that they have never done an update and their crypto assets were still stolen.
Since the process of this attack is not yet known, users are advised to transfer all their crypto funds to other wallets as developers look into the incident to determine the best action to take.
