Phishing scammers ready to exploit Atomic Wallet hack victims

ZachXBT warns of proliferating refund scams targeting victims of the Atomic Wallet hack and reports the first recovery of lost funds

Scammer promising money
Many users have lost their life savings due to the Atomic Crypto Wallet exploit

On June 3, Atomic Crypto Wallet announced on Twitter that some users reported their accounts had been compromised. Well-known Web3 sleuth ZachXBT warns everyone who has lost their money in this hack of a growing number of phishing scams that promise a refund from the company. According to the malicious actors, Atomic Crypto Wallet is now trying to solve the problem of stolen money with an airdrop.

"Be careful, phishing scammers have already started spamming fake Atomic Wallet refund tweets on Twitter to prey on desperate victims," ZachXBT posted yesterday.

Today, the on-chain detective tweeted more information about even more sophisticated phishing scams that are taking advantage of the Atomic Wallet hack. Not only are they based on Twitter accounts that appear legitimate as they closely impersonate the original Atomic Crypto Wallet account, but they also have a golden checkmark, which means that these accounts belong to registered organizations or companies.

ZachXBT mentioned one such account "Atomic - Crypto Wallet" which says, "We are doing all that we can to investigate and compensate the situation. In the meantime, we have opened a $1,200,000 Refund Distribution Window."

Read also: How to Recover Stolen Cryptocurrency: A Guide for Victims

Needless to say, many victims expect the wallet team to compensate their losses, believing that the exploitation of the software vulnerability is the company's responsibility. This particularly makes sense since the Atomic Wallet team has reported surprisingly low losses compared to the estimates provided by on-chain analysts.

"At the moment less than 1% of our monthly active users have been affected or reported. Last drained transaction was confirmed over 40 hours ago," Atomic Wallet tweeted today, while ZachXBT claimed yesterday that total losses exceeded $35 million. According to the on-chain sleuth, the largest losses amounted to $17 million, while the five biggest losses summed up to 7.95 million USDT.

Many crypto users do not believe that only 1% of wallets were exploited, while others are rather disappointed because the team behind the wallet did not freeze transactions and did not inform the application's users more effectively about the attack. There is also growing frustration with the lack of updates and information from the company. It appears that the poor communication has affected the wallet's reputation almost as much as the hack itself, with some of its users claiming, "This is not even a compromised wallet, it's a compromised brand."

While there is not much insight into the hack from Atomic Wallet, some crypto influencers shared their observations of the attack with Twitter users.

"Each token and then the base asset is swept from the victim’s address to a new address. The hacker then swaps all the tokens for the base asset via Uniswap, MM Swaps, SunSwap, etc. The hacker then sweeps that base asset balance to another new address," Twitter user Tay wrote on June 3.

Still, there may be some hope for the return of the lost cryptocurrency. ZachXBT tweeted yesterday about the first successes in recovering stolen funds.

"A huge shoutout goes to Buffalu and Brian_smith_0 for helping us successfully rescue $1 million from the Atomic Wallet hacker for one of the victims," the Web3 detective posted, refraining from providing any details on the methods used to recover the funds as they could be exploited by the wallet hacker.

Meanwhile, some Twitter users have come up with quite unusual theories about the exploit. Some of them even claim that the hack is not a hack at all, but a UI bug that makes a wallet application display wrong addresses that have no funds.

Read also: Jimbos Protocol hacker ignores $800,000 bounty

Ironically, just before the Atomic Crypto Wallet exploit, blockchain security firm Beosin released its May 2023 Web3 Security Insights report which looked quite promising in terms of the declined number of attacks. According to Beosin, "the most significant incident was the attack on Jimbos Protocol on Arbitrum, resulting in a loss of around $7.5 million."

Beosin's overall statistics state that "22 typical security incidents occurred in May, and the total amount of losses from various attacks was about $19.69 million, decreasing about 79% compared to April." Unfortunately, the recent attack on Atomic Wallet has already surpassed these numbers.