In a shocking revelation of the cybersecurity vulnerability, more than $35 million worth of digital assets were reported stolen from Atomic Wallet since June 2, according to an analysis by on-chain detective, ZachXBT. The shocking discovery indicates the alarming scale of cryptocurrency thefts, with the five largest thefts alone accounting for almost half of the total amount: $17 million.
An ongoing investigation
Atomic Wallet has publicly announced that the cause of this massive security breach is currently under investigation. Disturbing reports suggest that hackers managed to not only steal tokens, but also wipe transaction histories and wipe entire crypto wallets.
Update: New Bigger Victim Found On Tron With 7.95M USDT Stolen,
The five largest losses represent $17 million.
My graph is now over $35 million total stolen. pic.twitter.com/eqfXkm9vlL
โ ZachXBT (@zachxbt) June 4, 2023
Renowned for tracking down stolen cryptocurrencies and helping compromised projects, independent analyst ZachXBT revealed that the biggest single loss accounted for $7.95 million in Tether. With more victims identified, he ominously predicts that the total could exceed $50 million.
Scamming Hacking Victims
He too warned about a phishing scam targeting users on the official Atomic Wallet Twitter account. He pointed out that the scammer's account, marked with a verified 'golden checkmark', is deceiving users amid the current crisis.
the victims speak
Atomic Wallet reportedly serves more than 5 million users worldwide. Cointelegraph had the opportunity to interact with a former Atomic Wallet user who fell victim to this huge breach. โIt's frustrating because I'm a cybersecurity professional,โ laments Emre, a resident of Turkey who lost nearly $1 million worth of crypto assets. The stolen tokens included Bitcoin, Dogecoin, Litecoin, Ether, USDT, USD Coin, BNB, and Polygon. The funds were intended to finance the foundation of a cybersecurity company in Turkey. But how has Atomic Wallet responded to this crisis and what protections are in place for users?
Atomic Wallet User Protection and Response
As a non-custodial decentralized wallet, Atomic Wallet places the responsibility for asset security on its users. Their terms of service clearly state that there is no liability for any on-chain damages incurred by users. Amid this crisis, the company's response has been minimal, primarily focused on collecting victims' addresses and reaching out to major exchanges and blockchain analytics firms to track and freeze stolen funds.
So far, less than 1% of our monthly active users have been affected or reported. The last drained transaction was confirmed more than 40 hours ago.
The security investigation is ongoing. We report victims' addresses to major blockchain exchanges and analytics to track and block stolen funds.
โ Atomic โ Crypto Wallet (@AtomicWallet) June 5, 2023
Possible causes and the big picture
Some users have speculated that the hack could be tied to an outdated dependency package. Such packages define the sequence and requirements of tasks within an application, and an outdated one could provide an entry point for malicious actors.
This incident adds to a growing list of cyberattacks targeting cryptographic platforms. Recent cases involve Jimbos Protocol losing $7.5 million and a malevolent proposal that managed to take control of Tornado Cash government. A Chainalysis report estimates that cryptocurrency hackers stole a staggering $3.8 billion last year, with decentralized finance protocols being the preferred target.
Experts like Dr. Martin Hiesboeck, founder of Alpineblock and Natour.io, call it one of the most important hacks in cryptocurrency history, underscoring the urgent need to address the cybersecurity issue in decentralized finance.
This weekend's atomic wallet hack was one of the largest in cryptocurrency history, again demonstrating my conviction that we are far from feasible decentralized finance. #Defi We need to solve the #cyber security problem first.
With centralized exchanges collapsing... pic.twitter.com/QNnWRQasTa
โ ๐ฉ Dr. Martin Hiesboeck (@MHiesboeck) June 4, 2023
A ray of hope?
Atomic Wallet tried to ease user panic by claiming that less than 1% of its monthly active users reported being affected and that the last fraudulent transaction was confirmed more than 40 hours ago. However, with a security investigation ongoing and potential victims yet to be identified, the full scale and repercussions of this breach remain unknown.
We have received reports of compromised wallets. We are doing everything possible to investigate and analyze the situation. As we get more information, we will share it accordingly.
For any questions and concerns, please contact [emailย protected]
โ Atomic โ Crypto Wallet (@AtomicWallet) June 3, 2023