Wallet developers are not cooperating with the investigation and refuse to provide data to back up their claims of hacking
In early June, users of the popular cryptocurrency wallet Atomic Wallet faced massive thefts of cryptocurrency. The first occurred back on June 2.Since then, several analysts in the investigation and have traced more than $35 million worth of stolen money. The wallet team said it was investigating the hack. But at the time of publication, it had not released any details of the incident.
Our experts note that Atomic is is a non-custodial cryptocurrency wallet. Unlike exchanges, such wallets allow users to store funds independently of a third party. The service originally launched in 2017 as a cryptocurrency exchanger called Atomic Swap. According to the official website, Atomic Wallet has more than 5 million users.
Although the standard in cryptocurrencies is considered open source. In Atomic Wallet’s case, it has always kept its code closed, including from independent auditors. Some cryptocurrency projects prefer not to disclose the software code. In order to avoid being copied by competitors. However, users, since they cannot view the code. And they cannot check if it really works the way it is supposed to and does not contain bugs. Instead, they are forced to trust the developers.
Details of the hack have not yet been disclosed
Transparency of blockchain as a public registry of cryptocurrency transfers allows to identify the addresses of affected wallets. As well as the further movement of funds. According to an analysis by an online detective known in the cryptocurrency community under the ZachXBT. According to his conclusions, hackers stole about $35 million in various cryptocurrencies. The researcher was also contacted by victims. In doing so, providing him with transaction data on the wallet. The hack stole funds in Ethereum (ETH), Dogecoin (DOGE), Litecoin (LTC), BNB (BNB) and Polygon (MATIC) cryptocurrencies. And one of the victims lost $8 million worth of crypto-assets.
According to Elliptic’s blockchain analysts, the hacker used Sinbad.io, a cryptomixer popular with North Korean hackers, to launder stolen funds. Based on the results of past major hacks, investigators estimate. That the North Korean hacker group Lazarus Group laundered more than $100 million through it. Analysts did not name the amount of Atomic users’ funds spent through the mixer. But they did say that Sinbad.io is probably a revamped version of Blender.io, a service heavily used by Lazarus Group. And the first mixer to be sanctioned by the U.S. Treasury Department.
The investigation requires obtaining so-called server logs, an activity log that logs all user activity on the site. But Atomic Wallet refuses to provide the necessary files to analysts from various companies, despite numerous requests.