Atomic Wallet hacks lead to over $35 million in crypto stolen

The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users' wallets, with over $35 million in crypto reportedly stolen.

Atomic Wallet is a mobile and desktop crypto wallet allowing users to store various cryptocurrencies. The wallet is offered for multiple operating systems, including Windows, Android, iOS, macOS, and Linux.

On June 3rd, Atomic Wallet tweeted that they had received reports of compromised wallets and had begun investigating the issue.

"We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly," tweeted Atomic Wallet.

A tweet published today says they are now working with third-party security companies to investigate the incident and block the stolen funds from being sold on exchanges.

"Update: The investigation is still ongoing in a joint effort with the leading security companies. The team is working on possible attack vectors," tweeted the developers today.

"Nothing yet confirmed. Support team is collecting victim addresses. Reached out to major exchanges and blockchain analytics companies to trace and block the stolen funds."

The developers have since taken down their download server, 'get.atomicwallet.io,' likely out of concern that their software was breached and to prevent the spread of further compromises.

Blockchain sleuth ZachXBT has been collecting transactions of funds stolen from Atomic Wallet victims and says that over $35 million in crypto has been stolen due to this compromise.

"Just surpassed $14M worth of stolen funds on my graph across Bitcoin, ETH, Tron, BSC, ADA, Ripple, Polkadot, Cosmos, Algo, Avax, XLM, LTC and Doge," explained ZachXBT. 

The researcher later stated that additional transactions boosted the stolen amount above $35 million.

According to crypto security researcher Tay, the earliest transaction for stolen Atomic Wallet assets was on Friday, June 2nd, at 21:45 UTC.

A weekend crypto theft

Atomic Wallet users began reporting Saturday morning on Twitter and the developer's Telegram channel that cryptocurrency was stolen from their Atomic Wallet wallets.

Atomic Wallet is now collecting information from victims, asking what operating system they are using, where they downloaded the software, what was done before crypto was stolen, and where the backup phrase was stored.

Victims are also asked to submit this information, and more, on a Google Docs form that was created to investigate the incident.

While some users report that their crypto was stolen after a recent software update, others report [1, 2, 3, 4] that they have never done an update and their crypto was still stolen.

At this time, it is unclear how the compromise took place, but users are advised to transfer their crypto assets to other wallets while the developers investigate the security incident.

BleepingComputer contacted Atomic Wallet with questions about the attack, but a response was not immediately available.