Over $35 Million Reportely Stolen From Atomic Wallet Users

The week started on a grim note following the large-scale theft of digital assets from Atomic Wallet users resulting in a six-figure loss across different chains.

Distraught users have taken to Twitter to challenge some of the Atomic Wallet’s claims after the company assured them that it is working with “leading security companies” and has reached out to organizations that can help trace the stolen funds.

Largest Victim Lost ~$8M

According to pseudonymous on-chain sleuth ZachXBT, the largest amount lost by a user in the Atomic Wallet hack was $7.95 million in Tether (USDT) on the Tron blockchain. Further investigation revealed that the five biggest losses account for a whopping $17 million.

In the latest update, ZachXBT, who had previously confirmed receiving numerous messages from the wallet users regarding their lost funds, estimated that the total funds stolen may have surpassed $35 million.

Atomic Wallet, in a statement on June 5th, said that less than 1% of its monthly active users were affected by the exploit. The team behind the wallet service also added that the last drained transaction was confirmed over 40 hours ago, a claim that has been challenged by several community members.

So far, no compensation plans have been announced. Atomic Wallet has not been able to determine the root cause. While some users reported that their digital assets were stolen following a recent software update, others revealed being affected despite not updating to the latest version.

Previous Red Flags

Following the episode, a security disclosure from February 2022 resurfaced, which raised several security vulnerabilities in Atomic Wallet.

Least Authority’s security research team conducted a thorough security audit in March 2021 and claimed to have discovered vulnerabilities in the wallet’s design, putting users at significant risk.

The report was delivered to Atomic in April. The Berlin-based security consulting firm concluded Atomic sent them a response noting their updates and improvements seven months later but had a “significant number of issues and suggestions remain unresolved.”

It had issued a warning “strongly recommending” that the Atomic Wallet team immediately notify users of the existing security vulnerabilities. Least Authority further added,

“In addition, until the issues and suggestions outlined in the report have been sufficiently remediated and the Atomic Wallet has undergone subsequent security audits, we strongly recommend against the Atomic Wallet’s deployment and use.”