Reports from affected users indicate that some lost their crypto assets after a recent software update, while others suffered losses despite not having updated to the latest version.
In a recent incident that has sent shockwaves through the crypto community, Atomic Wallet has fallen victim to a substantial theft of various tokens amounting to nearly $35 million.
The attack, which began on June 2nd 2023, affected less than 1% of Atomic Wallet’s monthly active users, according to the company’s Twitter statement on Monday. The firm, currently conducting investigations, has requested victims to submit relevant information via a Google Docs form to aid in the inquiry.
Reports from affected users indicate that some lost their crypto assets after a recent software update, while others suffered losses despite not having updated to the latest version.
The stolen tokens include popular cryptocurrencies such as Bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), Litecoin (LTC), BNB coin (BNB), and polygon (MATIC).
ZachXBT, an independent investigator known for tracking stolen crypto funds, revealed that the largest victim had lost a staggering $7.95 million in Tether (USDT). Based on their findings, ZachXBT expressed concern that the total amount stolen could potentially surpass $50 million. These revelations have left the Atomic Wallet user base on edge, with many fearing for the security of their own assets.
Atomic Wallet, a noncustodial-decentralized wallet, emphasizes in its Terms of Service that users bear sole responsibility for the assets stored in the application. The terms explicitly state that Atomic Wallet will not be liable for damages exceeding $50, a clause that may complicate matters for affected users seeking restitution.
The investigation into the security breach remains ongoing, with Atomic Wallet collaborating with leading security companies to identify possible attack vectors. The support team has reached out to major exchanges and blockchain analytics firms in an attempt to trace and block the stolen funds. However, the company has been criticized for the limited information shared with users, leaving many in a state of uncertainty and frustration.
At the moment less than 1% of our monthly active users have been affected/reported. Last drained transaction was confirmed over 40h ago.
— Atomic – Crypto Wallet (@AtomicWallet) June 5, 2023
Security investigation is ongoing. We report victim addresses to major exchanges & blockchain analytics to trace and block the stolen funds.
On the other hand, it appears that ZachXBT decided to take matters into their own hands to aid the breach victims. On Twitter he wrote:
“A huge shoutout goes to @buffalu__ @brian_smith_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims.”
While their efforts are commendable, the responsibility for timely recovery of the funds ultimately falls on Atomic Wallet.
It should be noted that last week Jimbos Protocol experienced a loss of $7.5 million after hackers exploited a vulnerability resulting from the lack of slippage control on liquidity conversions. Attacks such as these highlight the vulnerabilities which continue to persist in the crypto ecosystem.