Atomic Wallet Alerts Users Of Ongoing Exploit; Victims Claim Complete Loss Of Crypto Portfolios

Atomic Wallet has alerted the public that it received reports of users having their wallets compromised and losing their entire crypto portfolios.

"We have received reports of wallets being compromised," the team behind the non-custodial crypto wallet said in a tweet on June 3. "We are doing all we can to investigate and analyze the situation. As we have more information, we will share it accordingly."

It then informed everyone to get in touch with support@atomicwallet.io for their questions or concerns.

The team released an update on the situation the following day, noting that it was still conducting an investigation alongside "leading security companies" and looking into potential "attack vectors." However, it also clarified that nothing was confirmed at the time.

Atomic Wallet also revealed that it had already collected the addresses of the victims and communicated with "major exchanges and blockchain analytics companies" to have the stolen funds traced and blocked.

"The investigation is still ongoing in a joint effort with the leading security companies. The team is working on possible attack vectors. Nothing yet confirmed," the team wrote in its follow-up tweet. "Support team is collecting victim addresses. Reached out to major exchanges and blockchain analytics companies to trace and block the stolen funds."

Several Atomic users have since reacted to the announcement, with some claiming that their wallets were wiped out.

"Ada completely disappeared from my wallet this morning they took the coins yesterday but I can't even find the coin or the transaction history in app anymore," a verified user who has the Twitter handle @NickTatorship__ commented.

"My crypto was stolen from Atomic last night.I lost 109 litecoins, it was all my wealth and life," Twitter user @siinaa_1989 said. "How can a wallet be stolen when someone doesn't have the wallet recovery words?! What should we do now?! I need my currencies."

"God damn, All of my hard working money has been vanished from atomic wallet only!!!! This is your responsibility to secure the funds, What will happened to our funds? please do not copy paste anything here! just give all clear answer, Many users are faced with this today," Twitter user @Christomos03 said.

Atomic Wallet has reportedly begun working with on-chain sleuth ZachBTX, who is known in the cryptocurrency space for his knack for tracing stolen funds, exposing rug pulls and lending a hand on checked projects.

The non-custodial crypto wallet, which reportedly supports more than 300 crypto coins and tokens and claims that it has more than 5 million users, has not yet offered any explanation as to how the attack was carried out.

Atomic Wallet was audited in February 2022 by the Germany-based cybersecurity company Least Authority, which was hired in early 2021 to examine the crypto wallet's system design, including its corresponding core, desktop and mobile-coded implementations.

"We have taken all the issues discovered by Least Authority into full account," Atomic Wallet CEO Konstantin Gladych said a the time, as per a Coindesk report.

However, the outlet updated the said article last month, noting that as per Least Authority's latest report, Atomic Wallet still had outstanding vulnerabilities. It said that "current users are vulnerable to a range of attacks that may lead to the total loss of user funds, specifically due to the current use and implementation of cryptography" and added that it had "a lack of adherence to wallet system design and development standards and best practices."

The report also mentioned issues such as "a lack of robust project documentation" and "an incorrect use of Electron, a framework for building desktop applications, leading to an increased risk of potential security vulnerabilities and implementation errors, as well as out-of-date and unmaintained dependencies."

Moreover, the cybersecurity company urged Atomic Wallet to conduct and share with the public a full, comprehensive follow-up security audit performed by an independent security auditing team as soon as they were able to completely address and resolve existing vulnerabilities to make sure that crucial fixes have been "properly implemented."