Boasting compatibility across a diverse range of platforms including Windows, Android, iOS, macOS, and Linux, Atomic Wallet has established itself as a versatile cryptocurrency wallet accessible from both mobile devices and desktop computers.
So it came as a surprise when customers of Atomic Wallet fell victim to a massive cryptocurrency heist, resulting in the loss of millions of dollars. In a candid disclosure over the weekend, the project's developers reluctantly acknowledged the compromise of user data.
A disheartening discovery revealed that over a hundred addresses fell victim to this breach, resulting in the loss of various cryptocurrencies including Bitcoin, Ethereum, Tron, BSC, Cardano, Ripple, Polkadot, Cosmos, Algorand, Avalanche, Litecoin, and Dogecoin.
Initial estimations suggest that the total value of these losses could reach a staggering $35 million. Of particular note is the largest individual loss, amounting to a substantial $7.95 million in USDT. Shedding light on the extent of this unfortunate incident, on-chain detective ZachXBT has identified five of the largest losses, contributing to a combined sum of $17 million.
Based on crypto security research Tay on Twitter, transactions of stolen Atomic Wallet assets was as early as on 2 June.
Atomic Wallet has long touted the security of its product, asserting that the encryption and local storage of users' private keys provide enhanced protection. Yet, the recent incident serves as a stark reminder that these claims may not hold true.
Troublingly, the vulnerability of the wallet had already surfaced as early as February 2021, when auditing firm Least Authority sounded the alarm, highlighting Atomic Wallet's inadequate safeguards for user assets and private data.
Further compounding the concerns, users on Twitter have come forward with allegations of previous fund thefts within the Atomic Wallet app.
In an effort to unravel the mysteries surrounding the recent cryptocurrency theft, Atomic Wallet has embarked on a comprehensive survey, seeking vital information from the affected victims. Through inquiries regarding their operating systems, software download sources, last activities before the unfortunate event, and the storage location of their backup phrases, Atomic Wallet aims to pinpoint potential avenues of attack.
Recognising the gravity of the situation, the wallet service provider has joined forces with prominent security firms, pooling their expertise to uncover the elusive attack vectors that may have facilitated this breach. As of their latest update, Atomic Wallet tweeted that, "At the moment less than 1% of our monthly active users have been affected/reported…Security investigation is ongoing…”
As the investigation unfolds, the team diligently examines every lead, leaving us to ponder: What crucial insights will emerge from this collaboration, how did the perceived security measures of Atomic Wallet fall short, and what repercussions will this have on user confidence moving forward?