Atomic Wallet Hack: What are the Effects on Web3 Adoption

• Atomic Wallet has been compromised with a still unclear vulnerability.
• Around $35M in tokens has been stolen and taken away to drainer addresses.
• So far, no NFT or game reports have been linked to Atomic Wallet and the recent exploit.

Atomic Wallet lost $35M in client funds based on the latest reports, becoming one of the largest direct attacks against crypto wallets. Atomic is a hot wallet connected to the Internet at all times, and about 1% of the accounts have been compromised. A similar attack happened against the Vulcan Forged wallet, which only affected users partially. 

The attack against Atomic Wallet underscores the problem of reliability when it comes to Web3 adoption. Games and NFT collections are constantly battling attacks, including wallet drainers and malicious smart contracts, as well as wallets that are compromised from the beginning. The exact nature of the hack is still unknown, and has been investigated over the weekend. 

We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly.

For any questions and concerns, contact support@atomicwallet.io

— Atomic – Crypto Wallet (@AtomicWallet) June 3, 2023

Anonymous researchers have created a map of the addresses involved in the hack. The missing tokens have been handled by drainer addresses and gas-provider addresses, only active in the past 30 hours. 

Based on the analysis of the fund flow in the Atomic wallet hack incident, we found the fund flow follows a pattern, involving four types of addresses.

1. The victim: The victim's valuable assets were almost completely drained.
2. The direct drainer: The stolen assets were… pic.twitter.com/pgb3AHu8Kc

— MetaSleuth (@MetaSleuth) June 4, 2023

No NFT have been reported so far. The Atomic Wallet hack is also independent of any action taken by the user. The hack is separate from the recent series of wallet drainer links, which attack through a fake airdrop or giveaway. 

Is Atomic Wallet Safe for Tokens and NFT?

Some of the potential attacks include a backdoor, compromised private keys, or stealing keys through the wallet’s Internet connection. Atomic Wallet is a relatively older tool, used for storing coins and for trading. But the wallet can also hold NFT and is part of the Web3 ecosystem. For now, only token withdrawals have been reported, with unconfirmed claims of recovery. 

Former security analysis of Atomic Wallet has shown flaws at the cryptography level. Atomic Wallet uses Electrum wallet, one of the common open-source tools for blockchain access. But Electrum wallet has shown inherent vulnerabilities and compromised versions for other blockchain projects.

Atomic Wallet has been closed source, and for now reviewers cannot pinpoint the reason for the hack. The wallet advertised its app as a Web3 tool, although it is more rarely used in games, and more often for classic crypto trades and swaps.