Atomic Wallet users have been left wanting more answers, despite the decentralized wallet provider finally releasing a full “event statement” about the June exploit — which some estimate has run up to $100 million in losses.
In a June 20 blog post — the first major update from the firm since the June 3 exploit — Atomic Wallet claimed there have been no new confirmed cases after initial reports of the hack.
It reiterated that “less than 0.1%” of app users were affected. Atomic Wallet has made the claim at least once before in a now-deleted June 5 tweet. The figure is still rebuffed by many online.
An Atomic Wallet spokesperson told Cointelegraph it doesn’t have information about user funds or transactions. The number of affected users was determined “based on the amount of people who have gotten in touch with our customer support and reported their case.”
June 3rd event Statement. To summarise, less than 0.1% of Atomic app users have been affected. Since then, no new cases have been reported.
None of the possible issues are confirmed as potentially causing massive breaches, at least in the latest app versions. Builds are verified… pic.twitter.com/YTcOFpo3M3
— Atomic – Crypto Wallet (@AtomicWallet) June 21, 2023
In the statement Atomic Wallet didn’t point to what exactly led to the exploit, only laying out the four most “probable” causes, including a virus on user devices, an infrastructure breach, a man-in-the-middle attack or malware code injection.
However, none of these scenarios “are confirmed as potentially causing massive breaches,” the statement reads which added Atomic Wallet’s “security infrastructure has been updated.”
Additionally, an app update to boost security is being worked on and has been verified “by external auditors,” according to the statement.
However, questions have been swirling around certain aspects of the June 20 statement.
Former smart contract audit head at cybersecurity firm Hacken, Yevhenii Bezuhlyi, asked who the mentioned “external auditors” are and where users can find their statements.
Atomic Wallet’s spokesperson said it does not publicly share the names of its external auditors “for security reasons […] as they may become targets of various attacks.” The spokesperson claimed, however, that the auditors are “specialists who are known as professionals in the field.”
Related: On-chain sleuth ZachXBT sued for libel after claiming plaintiff drained funds from project
Ouriel Ohayon, the CEO of rival wallet provider ZenGo, asked why Atomic Wallet needed to update its security infrastructure and what happened for it to undertake such a measure.
“Our security infrastructure has been updated.”
why did you need to update it? what happened?
— Ouriel @ZenGo (@OurielOhayon) June 21, 2023
The spokesperson said having “special procedures in place” — what it calls “under attack mode” — is a “common practice for any company under such circumstance.”
Such measures included changing server access and turning off third party services that “can cause possible breaches.” An additional security audit was also conducted, according to the spokesperson
Others highlighted the wide array of probabilities posed by the firm as evidence it was no closer to understanding how the exploit took place.
Atomic Wallet’s spokesperson said it’s “not able to confirm what exactly caused the issue.”
In its statement, Atomic Wallet said it could see the laundering and mixing of user funds, most of which remain traceable. It has engaged the help of blockchain analytics firms Chainalysis and Crystal Blockchain and said that the investigation is still ongoing.
Chainalysis told Cointelegraph it can’t comment on its work or findings relating to Atomic Wallet.
Cointelegraph contacted Crystal Blockchain for comment on its findings related to Atomic Wallet but did not immediately receive a response.
Magazine: Tornado Cash 2.0 — The race to build safe and legal coin mixers
Update (June 23, 2:35 am UTC): This article has been updated to include responses from an Atomic Wallet spokesperson.
Sourced from cointelegraph.com.
Written by Jesse Coghlan on 2023-06-23 13:30:00.
