defirisk.co
rubric v1.7.0

Atomic Wallet (non-custodial multi-chain wallet): Unknown officially; suspected: BGP hijacking combined with client-side vulnerability (possibly private key logging); Least Authority had flagged vulnerabilities in 2021 that were never addressed

Atomic Wallet lost $100M+ when North Korea's Lazarus Group drained user wallets across 13 blockchains — likely exploiting vulnerabilities that a security firm had flagged in 2021 and the team never fixed.

Occurred: 2023-06-02 | Loss: $100M | Status: closed

Summary

Atomic Wallet (non-custodial multi-chain wallet) suffered a Wallet / Infrastructure incident (not a DeFi protocol) on 2023-06-02, resulting in a loss of approximately $100M.


Linked factors

  • RD-F-002 — related : Audit recency (stale signal — text variants only; numeric thresholds need value-parser, deferred) [via dashboard_risk_factors/Time since last audit: ~2 years (Least Authority findings from 2021 never addressed)]
  • RD-F-007 — causal : Direct: bug bounty presence + max payout [via cross-hack: Factor 9: No Bug Bounty Program]
  • RD-F-008 — related : Ignored bug bounty disclosure — adjacent [via cross-hack: Factor 3: Ignored / Dismissed Security Disclosure]
  • RD-F-177 — causal : Cat 13: Prior known-ignored disclosure [via cross-hack: Factor 3: Ignored / Dismissed Security Disclosure]