Over the weekend, many Atomic Wallet users claimed to have suffered thefts in Bitcoin, Ether and Tether amounting to about $40 million.
The problem was also admitted by the wallet’s development team, which said it had received reports of compromised wallets.
After investigating, they found that the problem so far appears to have affected less than 1% of monthly active users, with the last suspicious transaction occurring yesterday.
They also stated that they have reported the addresses of the compromised wallets to major exchanges and blockchain analytics companies to try to track and block the stolen funds.
The theft on Atomic Wallet of Tether, Bitcoin and Ethereum
Subsequently, on-chain analyst ZachXBT found that a total of about $35 million in funds appears to have been stolen in this hack.
From the five most affected addresses alone, about $17 million, or nearly half of the $35 million total, appears to have been stolen.
The largest chunk was USDT (Tether) on the Tron network.
It is worth noting that Atomic Wallet claims to have five million users, so 1% would correspond to 50,000.
However, the team stated that the problem affected less than 1% of monthly active users, so fewer than 50,000 addresses.
Indeed, it is very likely that five million is the number of wallet installations, but that monthly active users are far fewer.
The problem with Atomic Wallet: stolen BTC, ETH and Tether (USDT)
The company developing Atomic Wallet has not yet officially released the technical details of the attack, but has asked victims to submit information on a special Google Docs form it is using to conduct its investigation.
The hypothesis that is circulating the most is that the problem may be due to a recent software update, although some victims claim to have been affected even without having performed such an update.
In fact, there is suspicion that someone was able to replace the wallet’s update file on the company’s platform with a compromised file containing a backdoor.
This hypothesis has not yet been confirmed, but if this is indeed the case one could imagine some insider involvement in the theft.
What is clear is that this was not an isolated problem, perhaps due to some user distraction, but a real attack. However, the technical manner in which it was conducted is not yet clear.
As early as 2021, problems regarding the security of Atomic Wallet were reported.
However, these were isolated reports, and not a full-fledged mass attack targeting thousands of wallet users.
In other words, the problems already encountered in the past appear to have actually been mostly due to the wallet’s users, and not to its software.
The recent incident, by contrast, is the result of a real campaign carried out by some hacker who must have found a way around the security of thousands of wallets, which is less than 1% of the active ones.
The accusations against the company
The main accusation made against the company concerns the possible replacement of the update file.
It is worth mentioning that so far there is no firm evidence that that was the problem, so as of today this accusation is based only on an unconfirmed hypothesis.
The other accusation, which has been in circulation for some time, is that of suspicious contacts with Russia.
In fact, some time ago, Atomic Wallet CEO Konstantin Gladych confirmed that the company has an office in St. Petersburg where some of its developers are located, but he denied that this could be a problem.
Gladych himself had also stated that Russian developers today are often seen as super-talented, probably due to the fact that past Soviet governments had placed a strong emphasis on math and science education.
However, nothing until a few days ago suggested that Atomic Wallet was that vulnerable, although in the absence of a definite explanation of what happened it is still too early to speculate about some form of structural vulnerability.
The tweet in poor taste
On the other hand, what appears to be in poor taste is the joking tweet posted on the company’s official profile accusing Peter Schiff of being responsible for a hack.
Peter Schiff is a well-known cryptocurrency detractor and gold advocate, but he is not a technical expert capable of hacking a crypto wallet. So the tweet is definitely a joke.
The tweet was posted in response to a tweet from WhaleChart warning that Peter Schiff’s Twitter profile had been hacked to promote a scam.
Atomic Wallet’s response suggested that it was Schiff himself who had pretended that his profile had been hacked to promote a scam. Beyond the fact that the joking tweet was not funny at all, posting it on the same day as the hack of thousands of Atomic wallets was in really bad taste.