We, the victims, have made countless attempts to reach out to Atomic Wallet’s support team, seeking resolution and reimbursement. All our good-faith efforts have been regrettably brushed aside under the excuse of “ongoing investigation”. We feel unheard, ignored, and dismissed. There has been no support, nor any assurance or apology from Atomic Wallet.
The breach, obviously not a consequence of user error, originated from server compromise and represents negligence and a stark breach of trust by Atomic Wallet, particularly its founder and CEO, Konstantin Gladyshev, who publicly identifies as Konstantin Gladych.
This breach has had a severe impact, resulting in considerable financial loss, potential exposure of our personal devices to threats, and immense distress leading to mental health issues.
Contrary to its self-proclaimed non-custodial status, Atomic Wallet acted as a de facto custodian of the funds, as surfaced by the security breach, with its app being able to access and transfer private keys and funds without consent or user action.
Atomic Wallet bears full responsibility for this breach and its fallout. The complexity and scale of the attack suggest possible insider involvement, indicating an intimate knowledge of the system’s infrastructure and coding. Ongoing discussions in Eastern European and Central Asian online forums hint at a potential connection between the internationally sanctioned Russian-based exchange, Garantex, and Atomic Wallet. Further information will be made available in due course. Both Garantex and Atomic Wallet are closely rooted in Russia including their shareholders and technical team – who use non-Russian names.
Moreover, the Estonian government is also culpable due to its lax regulations and lack of sufficient financial oversight, including in relation to anti-money laundering enforcement.
Atomic Wallet has yet to apologize and offer a definitive reimbursement plan for victims. In a statement issued on June 20th, it misleadingly attributed the attack to factors which cybersecurity experts deem unlikely in this context. Claims of involvement of crypto investigators, Chainalysis, and Crystal, have raised suspicions as these entities lack recognized credibility and seemingly play a role in a cover-up, rather than an investigation.
We strongly reject Atomic Wallet’s ambiguous announcement to “seize and distribute frozen deposits among affected users” which has been unilaterally decided without our consultation or consent. All victims must be reimbursed fully, including interest charges.
We insist that Atomic Wallet is undeniably responsible for fully compensating all victims, regardless of the investigation’s outcome. Should full reimbursement necessitate the liquidation of Atomic Wallet, utilization of the CEO’s personal assets, or the intervention of the Estonian government, we demand it unequivocally.
Currently, we are taking proactive measures by engaging a global law firm to pursue legal actions against Atomic Wallet and Konstantin Gladych across multiple jurisdictions, including the EU, Estonia, Australia, Canada, the U.S., and Kazakhstan. We have also contacted multiple cybersecurity firms and experts to serve as expert witnesses in a court setting.
These actions will be pursued at Atomic Wallet’s expense, as the company alone shoulders full responsibility for the breach and its fallout. We reject the findings of any investigation conducted by Atomic Wallet or their investigators due to the glaring conflict of interest. The ongoing “investigation” seems to be a cover-up operation.
Given the potential for insider involvement, the scale of the breach, and the impact on Estonia’s international reputation, we urge the Estonian government to take immediate action. This includes restricting international travel for or immediate custody of Atomic Wallet executives, including Konstantin Gladych, and initiating an international fraud and money laundering investigation through the Office of the Prosecutor General in Estonia.
We stress our demand for full reimbursement of the stolen funds. Any attempts to evade or dilute this responsibility are categorically unacceptable. The breach has caused significant financial and emotional distress, and we insist on comprehensive compensation, inclusive of interest charges.