The fallout of the Atomic Wallet hack last weekend continues as total losses mount to $35 million as more victims report losses. The initial estimated losses were around $14 million.
According to the latest report from on-chain sleuth ZachXBT, the total amount stolen in the Atomic Wallet hack has surpassed $35 million, with the largest victims losing 7.95 million USDT on the TRON network. “The five biggest losses account for $17M,” the sleuth reported.
Update: A new largest victim was found on Tron with 7.95M USDT stolen,
The five biggest losses account for $17M.
My graph has now surpassed $35M in total stolen. pic.twitter.com/eqfXkm9vlL
— ZachXBT (@zachxbt) June 4, 2023
The Atomic Wallet Hack
On Saturday, June 3rd, the official Twitter account of Atomic Wallet reported that they were investigating a wallet compromise. The announcement read:
“We have received reports of wallets being compromised. We are doing all we can to investigate and analyze the situation. As we have more information, we will share it accordingly.”
We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly.
For any questions and concerns, contact [email protected]
— Atomic – Crypto Wallet (@AtomicWallet) June 3, 2023
Since that announcement, the team has had no update for the next 48 hours. In the meantime, blockchain sleuths and security analysts continued to find the root cause and the amount stolen in the incident.
ZachXBT initially estimated $14 million in losses across Bitcoin (BTC), ETH, Tron (TRX), BSC, Carano (ADA), Ripple, Polkadot, Cosmos, Algo, Avax, XLM, LTC, and Doge. However, as the more victim reported their losses, the amount stolen in the Atmoic has risen by around $35 million, with multiple 6 figure losses. In a later tweet, he expected the stolen amount to rise to $50 million.
The lack of communication from the official team led many annoyed users to believe another rug pull. However, the official team came online on Monday, June 5th, only to announce that less than 1% of wallet users had been affected, and the team was still investigating the incident. The announcement reads:
“At the moment, less than 1% of our monthly active users have been affected/reported. The last drained transaction was confirmed over 40h ago. Security investigation is ongoing. We report victim addresses to major exchanges & blockchain analytics to trace and block the stolen funds.”
The Atomic Wallet said the last transaction happened 40 hours ago, but some wallet users reported transactions even after that, suggesting that the hacker/s were still in the control of wallet systems even after the said 40 hours. Still, there are no authentic reports of the situation being under control. Therefore, this should be no surprise if the amount stolen in the hack gets even higher.
And yet, there is no mention of the root cause. A Twitter user Joko suspected that Atomic Wallet had a “malicious update that sends your private keys to an attacker once you open the app.”
Seems like Atomic Wallet had a malicious update that sends your private keys to an attacker once you open the app.
The absolutely terrible response from the AW team leads me to believe this is a rug pull. Peoples are still being rugged right now and there's zero communication. pic.twitter.com/v67CJtedNc
— Joko ⚡️ (@jokoono) June 4, 2023
Atomic is a noncustodial-decentralized wallet with over 5 million users around the world. As it is non-custodial, users are responsible for the assets stored in the wallet. Victims are demanding a compensation plan. However, according to wallet T&Cc, the developer accepts no liability for on-chain damages users suffer.“Under no circumstances will Atomic Wallet be liable to you for damages arising out of the services exceeding $50,” reads its terms of service.