Atomic Wallet has been exposed

The Atomic Wallet community has been rocked by a recent breach that may have been orchestrated by Lazarus, the notorious North Korean hacking syndicate, as reported by blockchain intelligence experts Elliptic. Tragically, several users suffered losses in the early hours of Saturday (June 3), with the value of stolen assets estimated at approximately $35 million.
While Atomic has reassured the public that the percentage of affected accounts is relatively low, various users have taken to Reddit to voice their dismay at having their crypto wallets drained. The list of affected cryptocurrencies includes bitcoin, ether, tether, dogecoin, litecoin, BNB coin, polygon, and Tron-based USDT. Read on for details of what transpired.

Illustration: Lenka T.

What led to the hack?

Last year, Least Authority, a security audit company, warned in a blog post that Atomic Wallet was as safe as a house made of straw. The company outlined several vulnerabilities, including a slipshod implementation of cryptography, a design that shunned industry best practices, a dearth of project documentation, and an incorrect use of Electron. Least Authority later deleted the post from the internet as if it never existed.

Reports of compromised Atomic Wallet installs. Source: BleepingComputer/Telegram

Fast forward to now, and Dmytro Budorin, the CEO of Hacken, a blockchain security firm, has found several potential explanations for the recent hack. One possibility is that Atomic Wallet’s process of creating recovery phrases, known as seed phrases, didn’t result in randomized sequences of words. This oversight, apparently, made it child’s play for hackers to brute-force their way into the wallets.
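To make the seed-phrase point concrete, here is an added example (not Atomic Wallet's code and not Hacken's analysis) that derives BIP-39 word indices from entropy and compares a CSPRNG source with a hypothetical clock-seeded generator. The page does not say how Atomic Wallet produced its phrases, so `weak_entropy`, the timestamp and the time windows are assumptions chosen only to show how a predictable source shrinks the keyspace.

```python
import hashlib
import math
import random
import secrets

YEAR_MS = 365 * 24 * 3600 * 1000
CONSTRUCTED_MS = 1_700_000_000_000  # constructed timestamp, not from the incident

def entropy_to_indices(entropy: bytes) -> list:
    """BIP-39 mapping: entropy plus SHA-256 checksum bits, cut into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                      # 4 bits for 128-bit entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def secure_entropy() -> bytes:
    """128 bits from the OS CSPRNG: the phrase cannot be replayed from outside."""
    return secrets.token_bytes(16)

def weak_entropy(clock_ms: int) -> bytes:
    """Hypothetical flaw: a non-cryptographic PRNG seeded with the wall clock."""
    return random.Random(clock_ms).getrandbits(128).to_bytes(16, "big")

def distinct_phrases(start_ms: int, window_ms: int) -> int:
    """Count every phrase the weak generator can emit inside a time window."""
    return len({tuple(entropy_to_indices(weak_entropy(t)))
                for t in range(start_ms, start_ms + window_ms)})

def effective_bits(window_ms: int) -> float:
    """Entropy upper bound when the creation time is the only unknown."""
    return math.log2(window_ms)

if __name__ == "__main__":
    print("CSPRNG phrase indices:", entropy_to_indices(secure_entropy()))
    print("weak phrases in 1 s window:", distinct_phrases(CONSTRUCTED_MS, 1000))
    print("weak generator, 1-year window: %.1f bits (vs 128)"
          % effective_bits(YEAR_MS))
```

A wallet audit would look for the second pattern: any seed source other than the platform CSPRNG caps the phrase's strength at the entropy of its inputs, regardless of how many words are displayed.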

Potential pitfalls

With non-custodial wallets like Atomic, crypto enthusiasts can maintain complete control over their digital assets without relying on a centralized entity. It’s a liberating feeling knowing that your funds are safe from corporate shenanigans, but there is a catch. If you misplace your device or forget your password, your only chance of recovering your funds is through the all-important seed phrase. Unfortunately, this phrase is like a skeleton key for your wallet, and anyone who gets their hands on it can open your account and make off with your coins.

But that’s not the only risk facing Atomic’s users. The researchers at the University of California, San Diego, have raised concerns about the vulnerability of private keys to mathematically savvy hackers. Moreover, the Android version of Atomic has been found to be relying on outdated and easily exploitable software. This revelation has led to increased scrutiny of the supply chain, website security, and data management practices of the Atomic platform.

In short, there are many potential pitfalls that users of non-custodial wallets like Atomic must navigate. However, for those who are willing to take the risk, the rewards are immeasurable. With complete control over their digital assets, crypto enthusiasts can experience a newfound sense of financial freedom. Yet, crypto wallets that don’t set up the proper architecture and don’t follow security policies are even riskier than “hot wallets.”

Bad practice

Although the crypto industry has embraced open-source code as the norm, Atomic Wallet has opted to keep its code under lock and key, rendering its security impervious to independent auditing. This approach, known as closed-source code, is often used by crypto projects to prevent competitors from emulating their software. However, the downside is that users are unable to scrutinize the code for vulnerabilities or check that it functions as intended. Instead, they must place their trust in the developers.

Criticism of Atomic Wallet’s security practices has been mounting, with prominent crypto security researcher Taylor Monahan denouncing the platform for failing to address security issues that were flagged in an audit more than a year ago. Monahan, who is also the founder of the open-source crypto wallet MyEtherWallet, took to Twitter to voice her concerns, stating that Atomic Wallet’s security posture was lacking and that it ignored the warnings of others.

Adding fuel to the fire, web3 security firm Least Authority disclosed multiple security vulnerabilities in Atomic Wallet that placed users’ assets at significant risk. The firm noted that Atomic Wallet’s design and implementation did not demonstrate an adequate level of security. Monahan went on to suggest that these security shortcomings may have allowed Atomic Wallet to inadvertently record users’ private keys, which are required to access their crypto wallets.

More bad apples

Unfortunately, Atomic Wallet is not the first to fall victim to the disastrous consequences of a closed-source system. Just this past August, Solana Slope Wallet suffered a catastrophic hack that cost users an estimated $4.1 million. 

The culprit? A pesky hacker who managed to breach Slope’s servers. Despite the common understanding that crypto wallets typically do not store user data on their servers, Slope’s code had an unexpected bug that resulted in users’ wallet passwords being stored in an easily accessible location. 

The worst part? Because Slope’s code was kept under wraps, both users and security experts were left in the dark about the vulnerability.

Dangerous grounds

According to recent data from DefiLlama, the sly online scammers have filched a whopping $272 million from crypto ventures this year alone. The conniving culprits have carried out audacious attacks such as the $197 million Euler Finance heist in March and the $7.4 million Hundred Finance scam this month. The previous year saw hackers stealing over $3.2 billion from DeFi protocols, leaving the crypto community reeling from the shocking blow. However, cybercriminals aren’t stopping there. 

Cryptocurrencies have become the go-to payment method for ransomware gangs worldwide, with SonicWall tracking over 493 million ransomware attacks and approximately 140 million cryptojacking attacks last year. Nevertheless, these statistics don’t reveal the complete picture, as numerous victims were too embarrassed to come forward and report their losses. 

As Meera Sarma, founder and CEO of cybersecurity research company Cystel, disclosed to DL News, “There were countless unreported attacks where the victims were too ashamed or couldn’t go to the press and risk reputational damage.”

Conclusion

In the aftermath of the hack, hackers took to Twitter to attempt a phishing scam, luring unsuspecting users into disclosing more information about their wallets. They used a “gold check-marked” account on Twitter, promoting a $1.2 million refund budget, but were quickly found out by the crypto community.

All of the activity surrounding the wallet and subsequent events point to the fact that crypto users need to be ever vigilant and highly educated on the topic to avoid being scammed, hacked, or duped into depositing their hard-earned funds into unsecured wallets, or wallets which have security holes. 

With that being said, the recent Ledger controversy shows that even the big companies are not exempt from making bad moves and decisions. Therefore, keeping your funds spread across multiple wallets, possibly cold ones, could be the best option to avoid becoming a victim of a potential scam. Other than that, users can stay informed on the latest developments in the crypto world to try to stay one step ahead of hackers and, at the first sign of trouble, move their funds around to avoid risking them in the first place. So stay vigilant, and stay safe!

Dino Kurbegović is a project coordinator and an investor and technology enthusiast with years of experience in managing complex projects. His journey into content writing began in 2014, covering finance, investing, crypto, technology and complex technical topics.
