The lack of definitive information raised concerns about the depth of Atomic Wallet’s understanding of the breach and its ability to prevent similar incidents in the future.
Non-custodial decentralized Atomic Wallet has reportedly found itself embroiled in a legal battle as aggrieved investors file a class action following a major security breach that resulted in the loss of $100 million.
The class action lawsuit, which is set to challenge Atomic Wallet’s handling of the breach, represents the collective frustration and monetary losses of approximately 50 clients. These investors, who have lost a total of $12 million, are seeking reimbursement for their financial losses as well as accountability from Atomic Wallet for its apparent lack of openness and duty.
Max Gutbrod, a former partner of Baker & McKenzie in Moscow with an impressive legal career spanning over two decades, is spearheading the legal action. Collaborating with Gutbrod is Boris Feldman, a co-founder of Destra Legal, a Moscow-based legal tech firm.
In mid-June 2023, Atomic Wallet found itself at the center of a cybersecurity storm as hackers managed to breach the platform. Reports of users losing significant amounts of their cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), Tether (USDT), Dogecoin (DOGE), and more, sent ripples through the crypto community.
This breach impacted at least 5,500 users, yet the specifics of the incident remained shrouded in mystery. Atomic Wallet refrained from providing a clear explanation of the conditions that led to the exploit, leaving both the affected investors and the wider community in the dark.
Atomic Wallet Breach: Possible Causes
The platform outlined four potential causes for the breach: a virus on user devices, an infrastructure breach, a man-in-the-middle attack, or malware code injection. However, the lack of definitive information raised concerns about the depth of Atomic Wallet’s understanding of the breach and its ability to prevent similar incidents in the future.
Dyma Budorin, CEO of blockchain security firm Hacken, speculated that problems in the development of recovery phrases, which serve as a backup for crypto wallets, may have resulted in a lack of the required randomization.
Additionally, Budorin highlighted the possibility of hackers deriving keys from users’ transaction data or exploiting weaknesses in the wallet manufacturer’s infrastructure. Early investigations led experts to suspect the involvement of the Lazarus Group, a known cybercrime outfit suspected of stealing billions of dollars in crypto in a series of high-profile thefts.
However, Boris Feldman, co-founder of Destra Legal and a key figure in the class action efforts, has cast doubt on this theory. He maintains that a Ukrainian hacker group is more likely to have orchestrated the heist.
Feldman’s allegations are based on traces of involvement attributed to Ukrainian hacker groups, as uncovered by Match Systems’ blockchain analytics. These findings have pointed in a different direction than the initial assumption of Lazarus Group’s involvement.
One of the most intriguing parts of the Atomic Wallet breach’s aftermath is the platform’s seemingly uninterrupted operations. Despite the enormous heist and the subsequent investigations, Atomic Wallet operated normally. This has raised concerns about whether the platform adequately rectified the security flaws that allowed the attack to occur in the first place.