Atomic Wallet emerged in 2017 as a non-custodial crypto solution, empowering users to manage 500+ assets across Windows, macOS, and mobile platforms. Founder Konstantin Gladych championed self-custody, ensuring private keys remained locally stored.
This means that users bear full responsibility for securing their digital wealth. By 2023, it boasted over 5 million users, offering staking, swaps, and purchases. However, its decentralised design became a double-edged sword when hackers struck.
The $100M Heist: Timeline of a Crisis
On June 2–3, 2023, users flagged unauthorised withdrawals draining BTC, ETH, and stablecoins. Atomic Wallet initially downplayed the incident, citing “less than 1%” of users affected.
But blockchain investigator ZachXBT traced $35 million in stolen funds, exposing individual losses up to $7.95 million. By June 14, analytics firm Elliptic revised losses to $100 million, implicating North Korea’s Lazarus Group. Atomic later claimed only 0.1% of users suffered impacts, but criticism surged as victims recounted total portfolio wipeouts.
Scale and Culprits
Early estimates underestimated the breach, yet Elliptic confirmed over 5,500 wallets emptied. Lazarus Group, linked to $2 billion in crypto thefts, employed mixers like Tornado Cash to launder funds. Additionally, hackers funnelled assets through sanctioned exchange Garantex, evading freezes.
While some speculated Ukrainian involvement, Lazarus signature tactics chain-hopping via THORChain and Swft Blockchain solidified their blame. victims demanded answers as Atomic Wallet avoided confirming the root cause.
How Hackers Exploited the System
Experts pinpointed multiple vulnerabilities. A 2022 audit by Least Authority flagged flawed cryptography and weak Electron framework usage, risks Atomic allegedly ignored. Attack vectors included malware extracting keys, supply chain breaches, or insecure key generation.
Notably, centralised server leaks or MITM attacks exposed user data. Despite theories, Atomic cited no confirmed cause but rolled post-hack updates. “Users’ devices likely hosted the breach,” the company asserted, sidestepping accountability.
Atomic’s Controversial Response and Legal Repercussions
Atomic’s delayed transparency fuelled outrage. Affected users, including a Turkish expert losing $1 million, slammed its “0.1%” claim as misleading. By August, 50 investors filed a $12 million class action, alleging negligence and unreported vulnerabilities. German lawyer Max Gutbrod spearheaded the suit, accusing Atomic of ignoring 2022 audit warnings. Meanwhile, the platform resumed operations, urging users to “stay updated,” yet trust had crumbled.
Lessons Learned and Path Forward for Crypto Security
The hack underscored non-custodial wallet risks, urging a shift to hardware storage. Analysts stressed proactive audits and geopolitical threat awareness, given Lazarus state-backed motives.
By 2025, most stolen funds remained unrecovered; investigations are ongoing. Atomic Wallet persists, but users now prioritise cold wallets and offline seed storage. Ultimately, the breach reinforced a crypto truth: decentralisation demands unmatched vigilance.
Written By Fazal Ul Vahab C H
