Atomic Wallet Firm Silent on Details Around $100M Hack

Estonian wallet provider Atomic Wallet has not clarified the details of a hack that forensic firm Elliptic estimates lost investors $100 million.

The company last told its customers on June 8 that Chainalysis was investigating a hack affecting under 1% of its customers.

Atomic Team’s Track Record Endangers User Trust

Elliptic confirmed yesterday that possible Lazarus hackers siphoned $100 million from over 5,000 Atomic wallets. Lazarus is a North Korean hacker group responsible for stealing more crypto in 2022 than any other year. 

Atomic’s team has not updated its user base since a June 8 tweet admitting that Chainalysis was investigating a hack. The firm said it had managed to freeze $1 million of stolen assets, but the attacker’s new laundering method complicated further progress. 

One user slammed the company for its delayed communication. He said prompt communication could have prevented him from adding funds to his account before the hack. Another criticized the firm’s lack of updates.

The Atomic breach also comes at an awkward time for Web3 users, who may need to consider crypto self-custody after the US Securities and Exchange Commission (SEC) recently sued Binance for mishandling customer funds.

In February 2022, security firm Least Authority described Atomic Wallets as a “system that… places current users of the wallet at significant risk.”

The firm found many issues still unresolved when Atomic requested a follow-up audit in November. Least Authority then publicly revealed concerns with the platform and recommended that customers not use it.

How Atomic Wallet’s Breach Hurts Crypto Users

Web3 firms engender distrust in decentralized finance protocols by not communicating breaches and service disruptions timeously.

Cybersecurity firm Anchain.ai recently pointed out that Web3 firms only respond to hacks about 40 days after an exploit, compared to five hours for a conventional cyberattack.

In addition, Varonis reports that notifying customers costs about $740,000 in the US. The total cost of a data breach can be as high as $4 million.

Multichain, the team behind the eponymous cross-chain router, provided scant updates after several cross-chain pathways were inexplicably blocked last month.

Several days after users discovered the problems, the team confirmed that the CEO could not be contacted to grant server access required for further maintenance.

The intervening lack of communication prompted Binance to halt deposits to certain networks Multichain supports. 

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.