Developers of Atomic Wallet, a popular mobile and desktop crypto wallet supporting many currencies, are investigating a significant theft of cryptocurrency from users’ wallets, with an estimated $35 million worth of crypto reported stolen.
On June 3rd, Atomic Wallet tweeted about receiving reports of compromised wallets and stated that they had initiated an investigation into the matter. In a later tweet, however, Atomic Wallet said that they are taking the help of third-party security companies to investigate the incident. The developers are actively exploring possible attack vectors and have reached out to major exchanges and blockchain analytics firms to trace and block the stolen funds.
As a precautionary measure, the developers have taken down their download server — get.atomicwallet.io — to address concerns that their software may have been breached and to prevent any further compromises.
Blockchain researcher ZachXBT has been monitoring the transactions related to the stolen Atomic Wallet assets. According to ZachXBT, the graph of stolen funds has surpassed $14 million, encompassing various cryptocurrencies such as Bitcoin, Ethereum, Tron, Binance Smart Chain, Cardano, Ripple, Polkadot, Cosmos, Algorand, Avalanche, Stellar, Litecoin, and Dogecoin. The researcher later revealed that the stolen amount has now exceeded $35 million due to additional transactions.
The first recorded transaction involving stolen Atomic Wallet assets took place on Friday, June 2nd, at 21:45 UTC, according to crypto security research conducted by Tay.
Reports from affected users began emerging on Saturday morning through Twitter and the developer’s Telegram channel, indicating that cryptocurrency had been stolen from their Atomic Wallet wallets. The developers have initiated a process of collecting information from victims, including details about the operating system used, the source of the software download, activities performed prior to the theft, and the storage location of the backup phrase.
A Google Docs form has been created to facilitate the investigation, where victims can submit the requested information and more. While the exact cause of the compromise remains unclear, users are advised to transfer their crypto assets to alternative wallets while the developers investigate the security incident.
Cryptocurrency wallets have been on the hacker’s radar for a time now. In January, the FBI confirmed that the cybercriminals group, Lazarus, was responsible for the $100 million cryptocurrency theft. In March, cybercriminals stole $1.5 million in crypto cash from Bitcoin ATMs and in May, hackers took over Tornado Cash DAO, then submitted a proposal for reversal.