Hackers have reportedly stolen $35 million in cryptocurrency from users of Atomic Wallet.
According to Blockchain sleuth ZachXBT, the largest one-person loss was $7.95 million; the five biggest individual losses accounted for $17 million.
Over the weekend, Atomic Wallet acknowledged receiving "reports of wallets being compromised." In a Monday update, the crypto wallet provider said “less than 1%” of its monthly active users were affected by the breach.
The “last drained transaction was confirmed over 40h ago," said at the time. "Security investigation is ongoing. We report victim addresses to major exchanges & blockchain analytics to trace and block the stolen funds.”
Atomic Wallet did not immediately respond to PCMag’s request for comment. But as BleepingComputer notes, Atomic Wallet took down its get.atomicwallet.io download server in response to the suspected breach.
Crypto security researcher Tay said the earliest transaction date with stolen funds was June 2 at 21:45 UTC. According to the researcher, the hacker or hackers responsible swept each token and base asset from the victim's address to a new address before swapping all the stolen tokens for the base asset via decentralized exchanges like uniswap and sunswap. Lastly, the hacker “swept the base asset balance to another new address,” Tay tweeted.
Atomic Wallet has reached out to victims of the hack via email, and asked them to submit account information via a Google Form.