Atomic Wallet: Your Keys — Your Losses

Over $35 million worth of user funds were lost in the recent Atomic Wallet hack, the mechanics of which is yet to be investigated. The traces of the laundered assets lead to the Lazarus group.

Observers.com
3 min readJun 11, 2023

A popular decentralized non-custodial cryptocurrency wallet Atomic Wallet was hacked over the weekend. Although the company tweeted that less than 1% of active users were affected, the loot snatched was still quite high — $35 million in Tron based USDT, BTC, ETH and other crypto.

It looks like the hackers specifically targeted large accounts. According to ZachXBT, a crypto researcher, just five wallets accounted for the half of the lost funds.

ZachXBT’s tweet about losses. Source: Twitter

It is still not known precisely how Atomic Wallet was hacked. Considering the small number of accounts affected, some analysts assumed it could be a brute-force attack on the user’s keys. In a deleted post from 2022, the Least Authority security firm warned Atomic Wallet users that the company had not fixed a ‘significant number of issues’ identified during the wallet’s security audit a year previously.

Decentralized, non-custodial wallets can also be hacked if a user gets malware on the device. However, there were no reports of mass phishing before the attack or any malicious software spreading among Atomic Wallet customers.

The blockchain analytics firm Elliptic Connect traced the stolen funds and reported that all $35 million was laundered through the Sinbad.io mixer, which is popular with the North Korean hacker group, Lazarus. ZachXBT also observed similarities with the hacker group’s previous attacks.

Atomic Wallet engaged the blockchain intelligence giant Chainalysis to trace the stolen funds and liaise with exchanges and authorities for possible confiscation. Although the company announced that they were ‘committed to helping as many victims of the recent exploit as possible’, no compensation plan was announced for the victims.

Unfortunately, being such a significant incident, this then gained the attention of other criminals. Using standard phishing schemes, accounts impersonating Atomic Wallet’s support team offered reimbursement of the losses on Twitter and other social platforms.

🔎 Atomic Wallet was founded by Konstantin Gladykh, the CEO and co-founder of Changelly cryptoexchange. The wallet is designed to utilize the atomic swap technology that allows trustless swaps of tokens between different blockchains. The company was operating with an Estonian crypto service provider license and claimed to service 5mln users around the world.

Atomic Wallet’s native coin, AWC has lost half of its value as a result of the events and is probably experiencing massive outflows of funds as experts recommend moving assets to other wallets.

Until the attack vectors of the hack are identified and fixed, it is unlikely that Atomic Wallet can reverse this trend and attract more customers.

Due to the significant financial resources it holds, the crypto industry is a target for attacks by not only regular hackers, but also state sponsored groups, that can mobilize virtually unlimited resources and sophisticated equipment. While regulators (such as those in EU) are working on setting certain risk management standards for crypto asset service providers, we are still in a situation where months-old startups manage millions in funds with shaky software systems.

On the other hand, low entry barriers are good for competition and drive innovation. Users of such services should take common precautionary measures such as diversification, keep the seed-phrase private, and be more attentive to audits, while we continue to Observe.

--

--