Reports indicate losses of tokens, erasure of transaction data, and destruction of entire crypto portfolios.
Since June 2, at least $35 million in crypto assets have been plundered from Atomic Wallet users, according to an analysis by on-chain detective ZachXBT. The five most significant losses total seventeen million dollars.
According to Atomic Wallet’s Twitter account, the attack’s cause is under investigation. There have been reports of misplaced tokens, wiped-clean transaction histories, and even entire cryptocurrency holdings being taken.
The most prominent victim lost $7.95 million in Tether USDT, according to an independent investigation conducted by Twitter pseudonym ZachXBT, who is known for tracing crypto-stolen funds and assisting compromised projects. “Think it could surpass $50m. Keep finding more and more victims, sadly,” stated by ZachXBT.
Update: A new largest victim was found on Tron with 7.95M USDT stolen,
The five biggest losses account for $17M.
My graph has now surpassed $35M in total stolen. pic.twitter.com/eqfXkm9vlL
— ZachXBT (@zachxbt) June 4, 2023They claim more than five million users worldwide. Atomic is a non-custodial decentralized wallet, which means users are responsible for the assets they store within the application.
As is customary, its Terms of Service exclude liability for on-chain damages users incur. One excerpt states, “Under no circumstances will Atomic Wallet be liable for damages arising from the services that exceed $50.”
Update: The investigation is still ongoing in a joint effort with the leading security companies. The team is working on possible attack vectors. Nothing yet confirmed.
Support team is collecting victim addresses. Reached out to major exchanges and blockchain analytics companies…
— Atomic – Crypto Wallet (@AtomicWallet) June 4, 2023Atomic Wallet has provided limited information to consumers thus far. “The support staff is compiling victim addresses. “We have reached out to major exchanges and blockchain analytics firms to trace and block the stolen funds,” the Atomic team tweeted on June 4 — its second official statement.
Those who contacted Atomic were required to respond to over twenty inquiries regarding internet service providers, virtual private networks (VPNs), and the storage of seed phrases.
In Telegram’s community channels, some suggested that the vulnerability may have originated from an out-of-date dependency application. Dependency packages define the relationship between activities to be executed within a program, including the order in which they should be completed and the libraries required to achieve these activities.
The attack is added to an expanding list of crypto breaches. Recent cases include a $7.5 million Jimbos Protocol exploit and a malevolent proposal that seized control of Tornado Cash in May.
A report by Chainalysis estimates that crypto hackers held $3.8 billion in 2017, primarily by exploiting decentralized finance protocols in attacks linked to North Korea.
