Name: Atomic Wallet Hack — June 2023
Start: 2023-06-03T00:00:00.000Z

Atomic Wallet is a non-custodial cryptocurrency wallet for desktop and mobile published by the Estonian company Atomic Solutions. Users hold their own private keys; the wallet provides UX, swap integration and multi-asset support.

Beginning around 2-3 June 2023, Atomic Wallet users began reporting unauthorised outbound transfers of their entire balances. By 5 June, on-chain analysis firm Elliptic estimated 5,500 affected wallets with combined losses near $100M in BTC, ETH, USDT and other tokens.

The technical vector has not been publicly established. Atomic Wallet's own incident report acknowledged the breach but described the cause as still under investigation. Independent researchers have proposed multiple hypotheses including compromise of the wallet's update mechanism, leak of mnemonic seeds through telemetry, and targeted client-side malware. Some affected users reported never having installed any other crypto software.

In April 2024 the Federal Bureau of Investigation jointly attributed the attack to North Korea's Lazarus Group, citing on-chain laundering patterns consistent with prior Lazarus exploits. As of writing, the Atomic Foundation has not announced direct compensation to affected users.

Timeline

Jun 3, 2023

First reports of unauthorised outflows

Atomic Wallet users on Twitter and Reddit report empty balances; pattern not yet recognised as systemic.

Jun 5, 2023

Elliptic estimates losses at ~$100M across 5,500 wallets

On-chain analysis firm publishes the first comprehensive scale estimate.

Jun 7, 2023

Atomic Wallet acknowledges breach

Statement confirms incident; root cause described as "still under investigation".

Apr 26, 2024

FBI attributes attack to Lazarus Group

Joint statement with Atomic Wallet cites on-chain laundering patterns.

Atomic Wallet Hack — June 2023

Timeline

Who was involved

Legal record

Structural failures identified

Related records