Atomic Wallet hack investigated by police in Estonia and Kazakhstan.

The team behind Atomic Wallet, a non-custodial mobile cryptocurrency wallet that was compromised on June 3, is working together with the police in Estonia, where the company is registered, according to CEO Konstantin Gladych. He also confirmed that the team received a request from authorities in Kazakhstan, as reported by the Russian-language news outlet Forklog on Tuesday.

Gladych said, “We forwarded the request to the Estonian police and Chainalysis, to whom we provided all the information needed for investigation. We’re also providing data from the victims to [the blockchain analytics companies] Crystal Blockchain and Elliptic. Exchanges and OTCs use them to stop suspicious transactions.”

According to a recent estimate by blockchain intelligence firm Elliptic, Atomic Wallet users lost more than $100 million worth of various cryptocurrencies, including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB, and polygon (MATIC) during the first weekend of June. Elliptic also reported that over 5,500 wallets were compromised in the attack. Previously, Elliptic suggested that North Korean hacker group Lazarus could be responsible for the theft.

Atomic Wallet is a non-custodial mobile wallet that allows users to keep their private keys for their cryptocurrency on their own devices, without trusting a custodian. The reasons why the breach was possible are still unclear, as Atomic has not yet shared details of their technical investigation. One possibility suggested by Dyma Budorin, CEO of a blockchain security firm Hacken, is that the wallet was sending copies of users’ private keys to the company’s server. Another possibility is that Atomic generated recovery (seed) phrases for its wallets that were not random enough, so hackers could “brute-force” the wallets. There is also a chance that hackers derived private keys from Atomic users’ transaction data or breached the wallet manufacturer’s infrastructure, according to Budorin. The CEO of Atomic, Gladych, did not comment on the possible cause of the hack.

Last year, security firm Least Authority warned about security flaws in Atomic’s code in a now-deleted blog post (archived copy available here). Least Authority found issues with Atomic’s use of cryptography, a lack of robust project documentation, and incorrect use of Electron, a framework for building desktop applications. Atomic also did not adhere to the best practices for wallet design, according to Least Authority.

Atomic Wallet’s Google Play wallet has over one million downloads, according to app store data.