Over 5,500 wallets have been compromised, but Atomic Wallet has been strangely silent.
Losses relating to the Atomic Wallet hack have now risen from $35M to a staggering $100M. Elliptic, a blockchain intelligence firm investigating the hack, is now tracking “well over” 5,500 wallets that are believed to have been compromised in the hack.
Atomic Wallet is a noncustodial crypto wallet with more than five million users. Some users reported having their entire portfolios drained, while others lost specific altcoins such as XRP and ADA. The largest single victim is believed to have lost $7.95 million in USDT on the Tron network.
Despite the magnitude of the hack, Atomic Wallet has been silent, giving no real explanation for the attack. Their last tweet dates to June 8 and states quite vaguely, “Atomic is committed to helping as many victims of the recent exploit as possible. We’ve engaged @chainalysis a leading Crypto Incident Investigator. To trace stolen funds and liaise with exchanges and authorities.”
Elliptic on the other hand is confident that the notorious North Korean hacker group, Lazarus, is responsible for the heist.
Last week, Elliptic’s investigation trail found that stolen assets were being laundered through the Sinbad mixer, a mixer used by the Lazarus Group in past hacks. The laundering also follows a series of steps that “exactly match” those previously used by the group.
“It’s possible that the stolen cryptoassets have been co-mingled in wallets that hold the proceeds of past hacks perpetrated by Lazarus Group,” the firm added.
Elliptic has now frozen over $1 million in stolen assets. In response to the freezing of funds, the firm believes the thief is now moving away from the Sinbad mixer toward the Russian-based Garantex exchange instead.
“Garantex was sanctioned by the US Department of the Treasury in April 2022 for its role in laundering the proceeds of ransomware and darknet markets,” Elliptic stated. “However, the exchange continues to operate.”
North Korea’s Lazarus Group has stolen roughly $2 billion in cryptoassets across multiple thefts over the past few years. The Atomic Wallet hack is their first major theft since June 2022, when the group exploited $100 million from Horizon Bridge.
Devastating as the hack is to users who lost funds, it won’t come as a surprise to everyone. In February, a security audit conducted by Least Authority warned that Atomic Wallet may be at risk of a security breach.
“We strongly recommend that the Atomic Wallet team immediately notify users of the existing security vulnerabilities,” the blog post read. “In addition, until the issues and suggestions outlined in the report have been sufficiently remediated and the Atomic Wallet has undergone subsequent security audits, we strongly recommend against the Atomic Wallet’s deployment and use.”
In response, Atomic’s CEO Konstantin Gladych announced that recommended changes would be implemented in late 2022.
As it stands today, users seem increasingly frustrated with the lack of support from Atomic. One user questioned, “Where is our money? What have you done for the victims? How do you compensate?”, while others pleaded for updates.
Disclaimer: CryptoPlug does not recommend that any cryptocurrency should be bought, sold, or held by you. Do conduct your own due diligence and consult your financial advisor before making any investment decisions.