Self-custodial cryptocurrency wallet Atomic Wallet suffered a security breach leading to the loss of an estimated $35 million in user funds. In a Saturday update, the wallet provider revealed it is still investigating the root cause of the exploit and will share more information as soon as it is available.
We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly.
For any questions and concerns, contact support@atomicwallet.io
— Atomic – Crypto Wallet (@AtomicWallet) June 3, 2023
Following its investigations, the wallet provider revealed that the hack affected less than 1% of its monthly active user base. The company is yet to reveal whether or not it plans to compensate victims.
Launched in 2017, Atomic Wallet primarily exists as an application for desktop and mobile users. Like most self-custodial wallets, it allows users to hold private keys to their cryptocurrencies. Users can also stake crypto assets on different networks and connect with decentralized finance (DeFi) applications.
Atomic Wallet has a reported five million users, with the number of customers affected by the recent security breach still unknown. Notably, some users report not having suffered losses but may need to move their assets as a precautionary security measure.
Meanwhile, although Atomic Wallet is yet to officially publish the total amount of user funds lost to the exploit, popular blockchain sleuth, ZachXBT estimates the losses to be around $10 million. This figure comes from calculating the amounts reportedly lost by individual users, with the highest loss being a 7.95 million Tether (USDT) loss.
How Was Atomic Wallet Hacked?
The root cause of the exploit remains unknown. However, certain reports link the incident to unresolved security vulnerabilities dating back to February 2022. In a now-deleted post stored on the Web Archive, security firm Least Authority claimed to have found multiple security-critical vulnerabilities with Atomic Wallet.
At the time, the independent security research team reported not receiving a “sufficient or timely response” from the wallet developer. Least Authority noted that its disclosure was to alert users to the “existence of significant vulnerabilities without [..] putting them at even greater risk.”
Update: Coinfomania Coinfomania updated this article to include the current sum of stolen funds and a comment from Atomic Wallet about the percentage of affected users.
