CertiK Report: $100 million Atomic Wallet hack is the largest in Q2 2023

According to CertiK's cybersecurity report, the June 3 attack on Atomic Wallet, linked to North Korea's Lazarus Group, was the largest incident in the second quarter of 2023.

CertiK considers the return of the funds stolen by the Atomic Wallet hackers to be highly unlikely

Yesterday, cybersecurity firm CertiK released its Q2 2023 HACK3D report. Along with statistics on hacks and scams that happened in Q2 2023, CertiK also mentions the biggest incident, which was the $100 million Atomic Wallet hack on June 3.

This case has caused a lot of controversy, as the Atomic Wallet team decided not to publish the details of the attack. In all updates about the exploit, Atomic Wallet repeats the same information, "To summarise, less than 0.1% of Atomic app users have been affected. Since then, no new cases have been reported."

Since Atomic Wallet claims to have updated its security infrastructure, many wallet users believe that the exploit was caused by a vulnerability in the app and that the Atomic Wallet team is responsible for the losses, which should be compensated. Furthermore, as Atomic Wallet continues to claim that the group of victims was rather small, users do not understand why the wallet still has not introduced any reimbursement plan.

Meanwhile, despite announcing the wallet's security updates, the team behind the application suggested that users should be more careful with their keys, which made many frustrated Atomic Wallet customers believe that the team is trying to escape responsibility for the incident.

CertiK claims that the attackers indeed used users’ private keys. "The perpetrators targeted users’ private keys, gaining complete control over their funds. Upon obtaining these keys, the attackers were able to transfer assets to their own addresses, draining the victims’ wallets."

According to CertiK, "the cumulative losses of the five biggest individual victims amounted to $17 million," while "the largest single loss reached a significant $7.95 million."


CertiK also mentions the prevailing theory about the link between the Atomic Wallet exploit and the North Korean hacking team Lazarus Group. This theory is particularly supported by evidence of the laundering process used by the exploiters to hide the origin of the stolen funds. Given that Lazarus Group has previously relied on cryptocurrency mixers such as Garantex and Sinbad, which were also used to disguise the millions stolen from Atomic Wallet users, the notorious Asian hackers may actually be responsible for the largest crypto loss in Q2 2023.

CertiK cites Atomic Wallet’s public proposal for hackers, in which the team "pledged the attackers to concede 10% of the stolen funds in exchange for the return of 90% of the stolen cryptocurrency," but the tweet the cybersecurity company refers to as the source of this information makes no mention of such an offer.

Whether or not Atomic Wallet actually offered the hackers 10% of the loot does not seem to matter now: the money laundering process has already been detected, which means that the attackers are unlikely to be willing to return the funds.

Other Q2 2023 statistics from CertiK

While the CertiK report reveals that the losses experienced by Web3 protocols in Q2 2023 (almost $313.6 million) were similar to the previous quarter ($320 million), there was a significant increase in loot stolen by malicious actors performing exit scams and rug pulls. The total amount more than doubled, from $31 million in Q1 to over $70.3 million in Q2. Altogether, CertiK reports 98 detected cases of exit scams. According to the cybersecurity firm, this form of exploit was the most popular in the second quarter of 2023.

CertiK’s findings are very similar to the results of another Q2 2023 security research from Beosin.

The statistics reported by CertiK show that the majority of security incidents in Q2 happened on BNB Chain (119), but these events resulted in a loss of $70.7 million, which is less than half of the total loot acquired by malicious actors on blockchains other than Ethereum, Arbitrum, Avalanche, Polygon, and Multichain ($150.3 million). CertiK emphasizes that the nominal value of exploits depends on the volatility of cryptocurrency prices.


"The continued downward trend in value stolen from Web3 users and investors is an encouraging sign," CertiK's report states, adding, "While it is impossible to attribute its cause entirely to any specific development, we believe that efforts to educate users and builders about the importance of security have been paying off."

CertiK also stressed that despite the lack of particularly significant on-chain incidents in the second quarter of 2023, there was one major off-chain event, "The SEC brought charges against crypto’s two biggest exchanges [Binance and Coinbase]."

New security vulnerability discovered

Meanwhile, CertiK also shared news about its Skyfall team, which was rewarded with a $500,000 bounty by the Sui blockchain for responsibly disclosing a series of denial-of-service vulnerabilities. The CertiK team called the type of attack that could exploit such a vulnerability "Hamster Wheel."

"A new type of bug stood out due to its critical severity implications which could cause the Sui network to not be able to process new transactions, effectively causing a total network shutdown," CertiK explained the attack, which "allows an attacker to induce an infinite loop in the validator node with a payload as small as just a hundred bytes," adding that "the attack creates persistent damage that endures even after the validator network reboots."
