View All R&D Articles

Atomic Wallet Hack: What We Know (And What To Do Next)

June 5, 2023

Atomic Wallet, a self-custodial, decentralized cryptocurrency wallet, has confirmed the loss of millions of dollars in users’ assets. 

Hundreds of users have reported losses on Twitter, Reddit, and other social media platforms, and the company says that they’re investigating the issue. The losses are likely related to vulnerability in the software, but at this time, there’s not much information about how the vulnerability occurred.

With more than 5 million users, Atomic Wallet is one of the most popular “hot wallets,” and the hack could have an immediate impact on crypto markets. Below, we’ll provide an overview of potential attack vectors — and provide some advice for securing funds held via Atomic Wallet.

What We Know: Atomic Wallet Users Report Widespread Losses

The team at Atomic claims that less than 1% of accounts were compromised, but it’s unclear how they arrived at that number — if they’re relying on reports from victims, the scale of the attack may be much larger. 

The attack seems to target high-asset accounts, and in total, around $35 million in assets have been compromised. We expect that number to rise significantly unless the attack vector is publicly identified and resolved. 

The five largest losses account for $17 million, with one victim losing nearly $8 million. However, Reddit users claim that smaller accounts have also been targeted — some with only a few thousand dollars in crypto assets.

What We Don’t Know: The Atomic Hack Attack Vector

Atomic has not publicly identified an attack vector. Currently, the company asks victims to fill out a questionnaire, which includes questions about the use of virtual private networks (VPNs) and the storage of seed phrases. 

But in February 2022, security researchers Least Authority performed an audit of Atomic Wallet, which found that “the design and implementation of the Atomic Wallet system does not sufficiently demonstrate considerations for security and places current users of the wallet at significant risk.” 

Least Authority did not provide much detail, but claimed that “user funds are at increased risk due to the current use and implementation of cryptography,” indicating that the software’s encryption methods were insufficient.

Atomic Wallet users report unauthorized transactions prior to losses

Victims have reported transactions in the history section of the app, but not in the transaction logs; this would indicate that the exploit is happening within the Atomic Wallet executable.

Users have speculated that the hack was deployed by an internal actor — someone working at Atomic who input malicious code into the software — but at this point, there’s no concrete evidence of that. 

Users have also reported unauthorized transactions for small amounts occurring prior to the hack, but this does not seem to be universal. It’s possible that malicious software could target the seed phrase when the software signs a transaction, if the seed phrase was unencrypted at any point during the transaction.

Unfortunately, at this point, we can only speculate about the nature of the attack; we’ll update this article as more information becomes available.

Steps to Take to Protect Crypto Stored with Atomic Wallet

We have not independently verified any backdoor in the software. However, we’ve reached out to several victims who confirmed that their software was not running when their assets left their accounts. 

It’s likely that the seed phrases were stolen when a compromised executable ran for the first time — the bad actor(s) may be gradually running through the stolen phrases, which would explain why high-value accounts have been targeted first. 

Ultimately, if you’ve used Atomic Wallet, your assets may be vulnerable, regardless of whether you open the software again. Our recommendations:

  • If you haven’t operated Atomic Wallet in several weeks or months, the safest course of action is to use your seed phrase to access funds through another software wallet. Do this via another computer — not the machine with Atomic Wallet installed. 
  • If that’s not possible or practical, open Atomic Wallet and transfer your funds to another wallet. Write down your new seed phrase on paper; don’t store it digitally. 
  • Don’t share your seed phrases with anyone. 
  • Be careful when searching for recovery resources. Since the attack, bad actors have posed as Atomic, offering “refunds” to victims; needless to say, these refunds don’t exist — it’s a phishing scam. 
  • If you’ve lost funds, work directly with Atomic Wallet’s support team.  

At Datarecovery.com, we’re actively investigating the Atomic Wallet hack and exploring potential recovery options. Check back for updates.