The Atomic Wallet team has issued an official statement on what happened during the weekend of 3-4 June in the cryptocurrency theft that involved many of its users and took $100 million from their pockets.
No major takeaways on the incident appear to be included within the update: the community is asking for more in-depth explanations and demands to be compensated.
Summary
Update on the cryptocurrency theft at Atomic Wallet
On 20 June, the team at Atomic Wallet, a software version of a cryptocurrency wallet, issued an official statement via blog post to update the community about the hard hit suffered in the hack a few weeks ago.
Over the weekend between 3 and 4 June, many users of the wallet reported that they were robbed through outbound transactions not approved by their own, likely executed by North Korean hackers from the Lazarus Group.
The attack caused $100 million in cryptocurrency losses to the community, and now Atomic Wallet seeks to summarize how the investigation is proceeding to recover the stolen capital.
The blog post explains that the team of the software wallet, following the incident, alerted all major blockchain analytics companies such as Chainalysis and Crystal, as well as alerting major exchanges, to prevent the sale of such coins and conversion to fiat currency.
In researching the root cause of the incident, the Atomic Wallet team identified what could be the most likely ones, namely virus targeting on local users’ devices, infrastructure breach, malware code injection or a man-in-the-middle attack.
While there are still no firm revelations about the method used by the hackers and the recovery of the stolen funds, the team managing the wallet is reportedly working tirelessly with various ecosystems in the Web3 world and with law enforcement authorities to ferret out the identities of the criminals.
These are some of the words published within the post to define what the next steps will be:
“The next step will be working on a legal framework for seizing frozen deposits and distributing them among affected users. We will update the community when there are more details on this front, and we ask for your patience.”
In addition, it was stated that no entity within the Atomic Wallet team had access to information regarding seed phrases or data of their customers, suggesting that an insider hit was disproved.
It was estimated that the attack on 3-4 June affected a small number of users, amounting to 0.1% of the entire community.
The attack appears to be over, as no new cyberattacks have occurred, at least according to the company’s statement.
Atomic Wallet community is enraged: demands to be compensated for stolen cryptocurrencies
Despite the kind words spent by the Atomic Wallet team to explain what happened in the 3-4 June cryptocurrency theft, the community lashed out on Twitter to attack their actions and their inability to protect customer assets.
Nearly 3 weeks later, the company that runs the software for the wallet, in addition to failing to recover the funds, has also been unable to identify with certainty what led to the incident.
Rightfully, Atomic’s customers are demanding more explanation, given and considering that the wallet software offered by the company was supposed to be an effective and highly secure tool for storing cryptocurrencies.
In addition, there seems to have been conflicting information about some of the team’s statements, which at first claimed that the attack had involved 1% of the community, while now the threshold has been lowered to 0.1%.
The community is loudly asking Atomic Wallet to take responsibility and compensate users for the losses caused by their bugs and security problems.
It is undeniable to think that if an individual decides to store crypto-assets in a decentralized non-custodial wallet, with closed source software owned by a company, he or she expects top security controls to be in place to prevent such attacks.
Those who got screwed, as always, are the retail investors.
Many expect that Atomic will be able to return funds to its customers, just as Trust Wallet did in an old hack that resulted in the loss of $170,000 for wallet users.
In this case the amount is much higher, but the principles remain the same: those who did wrong, must pay.
This tweet is emblematic of how the community feels about the matter.
The crypto world hacks of 2023
The Atomic Wallet hack, which led to the loss of about $100 million in cryptocurrency to community users, represents the second largest cyber attack since early 2023.
The largest incident in terms of money stolen was the Euler Finance flash loan that evaporated over $195 million, in which the attacker managed to steal crypto assets such as DAI, USDC, StETH and WBTC,.
In total, according to DefiLlama‘s data, approximately $386 million in cryptocurrency has been stolen since the beginning of the year, through various methodologies such as router exploits, cloudflare compromises, flashloan attacks, contract manipulation, etc.
Despite the severe losses in 2023, it seems that the trend is less intense than that of 2022 where in Q1 and Q4 funds amounting to $1.3 billion and $950 million, respectively, were stolen from various communities (Certik data)
Indeed, if we take away the first two largest attacks, namely the Euler Finance and Atomic Wallet attacks, we realize how, from January to today, very few protocols have been tampered with compared to previous years.
In any case, hacks and exploits still remain a major problem to be addressed for the future of Web3.
It is mandatory to implement new security systems and better wallet software to ensure that incidents like Atomic’s will not happen again.
If we truly want the world of decentralized exchanges to achieve mass adoption, security in self custody should no longer be an issue.
In the meantime, as the Web3 is preparing to face these challenges that will determine whether or not this world succeeds, we can see that the total amount hacked since 2016 is $6.6 billion, including $5.31 billion in the DeFi and $2.53 billion in the inter-chain interoperability bridge niche.
