A Non-Custodial wallet, Atomic Wallet, being compromised

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: NotATether on June 20, 2024, 01:41:43 AM

Quote from: Wind_FURY on June 13, 2024, 03:13:03 AM

Quote from: DaveF on June 12, 2024, 11:50:14 AM

Bit of a necro bump but: https://bitcointalksearch.org/topic/--5499189

I have *not* read through any of it and obviously cannot tell if any of it is true or not but according to what they are saying Atomic is part of a larger scam.

Might be worth a read / look if you have the time.

-Dave

👀

If all of that is verified 100% true, then that answers our question why Atomic Wallet would never shut down their infrastructure to undergo some security checks and audits after many "hacks". Plus I have also heard that Changelly and HitBTC were selectively scamming their own users, then based on the new evidence, it's probable that they are doing it to the users of their "wallet software" too.

Atomic Wallet is still available in the Apple Appstore.

¯\_(ツ)_/¯

Alas, even Wikipedia says that the Atomic Wallet was a "hack", despite the fact that the Atomic Wallet company never allowed the FBI to investigate the incident!

https://en.wikipedia.org/wiki/Lazarus_Group

Quote from: https://en.wikipedia.org/wiki/Lazarus_Group

June 2023 Atomic Wallet attack
In June 2023 over $100 million in cryptocurrency was stolen from users of the Atomic Wallet service,[53] and this was later confirmed by the FBI.[54]

I would go and update the page, but two problems - One is that there are no verifiable sources who have published about this yet, and two, even if some news publications report on this, Wikipedia editors will still revert my edits because it's not like the New York Times is publishing about it still.

Two of their team members have self-doxxed their identities, Konstantin Gladych and Charlie Shrem, https://atomicwallet.io/about-us

I made a quick search and some surface-reading on the both of them, and Gladych didn't look that he had a problematic past of scamming people. But Charlie Shrem did have some things in his past that were questionable. Although, that doesn't prove or predict what tendencies he may have in the future.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: UmerIdrees on June 19, 2024, 01:06:52 AM

....This is really concerning that Atomic Wallet was compromised in the history and also they are deliberately scamming their users but still, they are able to run their business. Angry

You can show people the info but you can't make them think.

Look at how many people sill use some of the crypto casinos that have pages and pages of complaints here and yet they gamble and then can't get their BTC out and them open up yet another post in the Scam Accusations section. Which does not matter since the next person is still going to go there and gamble.....

-Dave

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Wind_FURY on June 13, 2024, 03:13:03 AM

Quote from: DaveF on June 12, 2024, 11:50:14 AM

Bit of a necro bump but: https://bitcointalksearch.org/topic/--5499189

I have *not* read through any of it and obviously cannot tell if any of it is true or not but according to what they are saying Atomic is part of a larger scam.

Might be worth a read / look if you have the time.

-Dave

👀

If all of that is verified 100% true, then that answers our question why Atomic Wallet would never shut down their infrastructure to undergo some security checks and audits after many "hacks". Plus I have also heard that Changelly and HitBTC were selectively scamming their own users, then based on the new evidence, it's probable that they are doing it to the users of their "wallet software" too.

Atomic Wallet is still available in the Apple Appstore.

¯\_(ツ)_/¯

Alas, even Wikipedia says that the Atomic Wallet was a "hack", despite the fact that the Atomic Wallet company never allowed the FBI to investigate the incident!

https://en.wikipedia.org/wiki/Lazarus_Group

Quote from: https://en.wikipedia.org/wiki/Lazarus_Group

June 2023 Atomic Wallet attack
In June 2023 over $100 million in cryptocurrency was stolen from users of the Atomic Wallet service,[53] and this was later confirmed by the FBI.[54]

I would go and update the page, but two problems - One is that there are no verifiable sources who have published about this yet, and two, even if some news publications report on this, Wikipedia editors will still revert my edits because it's not like the New York Times is publishing about it still.

UmerIdrees

hero member

Activity: 2422

Merit: 875

Quote from: Wind_FURY on June 13, 2024, 03:13:03 AM

Atomic Wallet is still available in the Apple Appstore.

¯\_(ツ)_/¯

Unfortunately, the Atomic Wallet app and site is still operational. I was checking its traffic on its website https://atomicwallet. i o/ and found that in May 2024 alone, 339K users visited the site which is a very big number. Also, 15% of the traffic to the site is from the United States of America followed by 10% traffic through Russia.

This is really concerning that Atomic Wallet was compromised in the history and also they are deliberately scamming their users but still, they are able to run their business. Angry

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: DaveF on June 12, 2024, 11:50:14 AM

Bit of a necro bump but: https://bitcointalksearch.org/topic/--5499189

I have *not* read through any of it and obviously cannot tell if any of it is true or not but according to what they are saying Atomic is part of a larger scam.

Might be worth a read / look if you have the time.

-Dave

👀

If all of that is verified 100% true, then that answers our question why Atomic Wallet would never shut down their infrastructure to undergo some security checks and audits after many "hacks". Plus I have also heard that Changelly and HitBTC were selectively scamming their own users, then based on the new evidence, it's probable that they are doing it to the users of their "wallet software" too.

Atomic Wallet is still available in the Apple Appstore.

¯\_(ツ)_/¯

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Bit of a necro bump but: https://bitcointalksearch.org/topic/--5499189

I have *not* read through any of it and obviously cannot tell if any of it is true or not but according to what they are saying Atomic is part of a larger scam.

Might be worth a read / look if you have the time.

-Dave

hugeblack

legendary

Activity: 2688

Merit: 3983

Quote from: Pmalek on December 18, 2023, 12:47:42 PM

Crypto users quickly forget. Blind them with an airdrop or two, a special deal, or perhaps an NFT with promises of huge profits in the future, and many of them will come back to using Atomic Wallet, having forgotten all about this incident a long time ago.

such topics will not appear first when searching, these wallets do not give any warnings, and there is no guarantee that they have fixed everything. Therefore, good marketing in this industry is able to cover up software failures, and unfortunately some will return to using the wallet with the increase in the price of Bitcoin. I only hope that these topics will have more discussion on social media.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: DaveF on December 01, 2023, 04:58:20 PM

I wouldn't get my hopes up that Atomic Wallet will release any comments, especially anything that makes them look bad or guilty. I don't doubt they have money for advertising and they will spend it to keep showing their wallet in good light. Crypto users quickly forget. Blind them with an airdrop or two, a special deal, or perhaps an NFT with promises of huge profits in the future, and many of them will come back to using Atomic Wallet, having forgotten all about this incident a long time ago.

airbin

member

Activity: 82

Merit: 28

You're absolutely right, but it's not the idea to say I'm not interested, the collective interest is necessary for the support of the entire crypto ecosystem, a response to what happened has to be demanded, That allows support for the crypto environment, entrepreneurs, and end-users.

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: DaveF on December 01, 2023, 04:58:20 PM

But still no real info coming out of atomic about what happened or how it happened.

That should already tell something and it's not good news. How many months have already passed? I lost track and kind of don't care anymore, too. I don't expect any honest statement of truth from Atomic, anyway.

Atomic is either itself incapable or incompetent to execute own investigations or too cheap to pay a capable forensic company to do it for them OR they know what happened and have chosen to keep the facts burried under a pile of silence and nonsense bits of "news" about it.

With such a post-mortem handling policy Atomic has forfeited all trustworthiness in my opinion. I wouldn't use this wallet anymore and ever again. I used this wallet only briefly to collect fork coins of older Bitcoin UTXOs a few years ago and I moved my coins out of this wallet quickly and long before the last incident happened.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Just as an FYI:

https://www.coindesk.com/policy/2023/11/29/crypto-mixer-sanctioned-by-us-treasury-for-north-korea-allegations-as-fbi-and-finish-police-seize-website/
https://www.elliptic.co/blog/analysis/35-million-atomic-wallet-hacker-funnels-crypto-to-north-korea-s-favored-mixer

But still no real info coming out of atomic about what happened or how it happened.

-Dave

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: ?? on ??

Quote from: DaveF on October 29, 2023, 10:49:27 AM

Quote from: DaveF on September 22, 2023, 05:42:12 AM

They made an update to June 3rd Event Statement the other say.
Still says 'not our fault, looking in to it'
https://atomicwallet.io/blog/articles/june-3rd-event-statement

I'm guessing that they hope it just quietly fades away and drops from peoples memories.

-Dave

And still no update. Really wonder if they are looking into it or hoping it goes away.
Since people are still using it and talking about using it and so on, I guess people don't care about their crypto.

If you want to use a wallet like this how about I just post a bunch of addresses that belong to me and I'll send you some crypto back later if I feel like it.
If not I'll just keep it. Seems to be the same service as Atomic.

-Dave

But i would count this blog (which updated on October 19 without creation date) as an update, https://atomicwallet.io/blog/articles/2m-of-suspicious-deposits-frozen-on-centralised-exchanges. But it's rather vague and there's no mention whether the victim receive their coin back. And assuming that blog is being truthful and accurate, it's interesting the hacker use combination of bridge, exchange and mixer to hide trace.

It still does not tell what happened. That is IMO still the issue.
Even a 'we don't know and are still looking into it' is better then this.
Was it on their end in terms of the servers. Was is on the app end? Was it a malicious library / supply chain attack?

So now according to them some funds are frozen. Great. What is the next step? Do they have a next step?

-Dave

virasog

legendary

Activity: 3136

Merit: 1172

Leading Crypto Sports Betting & Casino Platform

Quote from: DaveF on October 29, 2023, 10:49:27 AM

Quote from: DaveF on September 22, 2023, 05:42:12 AM

They made an update to June 3rd Event Statement the other say.
Still says 'not our fault, looking in to it'
https://atomicwallet.io/blog/articles/june-3rd-event-statement

I'm guessing that they hope it just quietly fades away and drops from peoples memories.

-Dave

And still no update. Really wonder if they are looking into it or hoping it goes away.
Since people are still using it and talking about using it and so on, I guess people don't care about their crypto.

If you want to use a wallet like this how about I just post a bunch of addresses that belong to me and I'll send you some crypto back later if I feel like it.
If not I'll just keep it. Seems to be the same service as Atomic.

-Dave

I really do not understand the affiliation of the people with atomic wallet who are still using it ? Or maybe they are not aware of this vulnerability in the atomic wallet Huh

We are not short of Non-Custodial wallets in the market that we have no option but to use the Atomic wallet Huh

The one who knows about the history of atomic wallet and still does not quit it, i am sorry that they have no idea how to protect their assets. They will only learn lessons once they themselves lose their money. Sad

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: DaveF on September 22, 2023, 05:42:12 AM

They made an update to June 3rd Event Statement the other say.
Still says 'not our fault, looking in to it'
https://atomicwallet.io/blog/articles/june-3rd-event-statement

I'm guessing that they hope it just quietly fades away and drops from peoples memories.

-Dave

And still no update. Really wonder if they are looking into it or hoping it goes away.
Since people are still using it and talking about using it and so on, I guess people don't care about their crypto.

If you want to use a wallet like this how about I just post a bunch of addresses that belong to me and I'll send you some crypto back later if I feel like it.
If not I'll just keep it. Seems to be the same service as Atomic.

-Dave

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: Z-tight on October 13, 2023, 05:20:38 AM

Importing the seed phrase of a compromised or closed source wallet into a good and well reviewed software wallet like Electrum is not good practice, your wallet can still be compromised because you are still using a seed phrase that you can't verify how it was generated. What you should do is create a new wallet in Electrum and send out all your funds from the closed source or compromised wallet into the new wallet you have created and verified.

Unless you absolutely have to, you shouldn't be importing your seed or keys into multiple wallets regardless if they are open-source or not. Luckily, it doesn't cost anything to generate a new seed and create a new wallet, and it's safer than using the same one in multiple software.

The person you quoted also doesn't seem to know that importing a seed phrase into a second software isn't equivalent to having sent the coins from software A to software B. The import only duplicates the old wallet, and your seed is now entered into two or more software depending on how many times you imported the seed. The coins haven't "moved" anywhere.

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: ?? on ??

I think should also be visible in the Beginners and Help section to warn newbies out there and start importing their wallets to those who are not yet affected. Transferring their fund by importing the 12 words into other wallets like Electrum might be a good step or any wallets that support importing BIP39 seed phrases.

Importing the seed phrase of a compromised or closed source wallet into a good and well reviewed software wallet like Electrum is not good practice, your wallet can still be compromised because you are still using a seed phrase that you can't verify how it was generated. What you should do is create a new wallet in Electrum and send out all your funds from the closed source or compromised wallet into the new wallet you have created and verified.

BitcoinsGreat

sr. member

Activity: 1022

Merit: 280

Quote from: JeromeTash on September 28, 2023, 04:27:01 PM

Quote from: BitcoinsGreat on September 28, 2023, 03:31:40 PM

By the way, if all closed source wallets are not recommended, why do we use/promote Ledger Nano (Hardware Wallet) ? It is also a closed source as I know.

Who is we?

AFAIK, I haven't seen members recommend ledger Nano for a while. It's receiving heavy criticism even when they tried to make a comeback by faking their source code status

I just mean that we usually say that hardware wallets are safe and when we talk about hardware wallet, most common ones are Trezor and Ledger, Anyways now with so many issues with closed source wallets, i would avoid the closed source hardware wallets too.

Quote from: dkbit98 on September 29, 2023, 02:34:55 PM

New statement can be used for bitcoin wallet: not open source, not your coins.

That is what i was thinking too. The centralized wallets do not give you the private keys and the closed source ones, can still know our private keys through the source code, without the need to make the user being aware of it. Sad

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: DaveF on September 22, 2023, 05:42:12 AM

They made an update to June 3rd Event Statement the other say.
Still says 'not our fault, looking in to it'

I would be interested to find out what math they used exactly to calculate that only 0.1% atomic users got affected by this issue Roll Eyes

In best case this can only be people who contacted them and reported loss of coins with transactions they didnt make, and nobody knows how many people never contacted atomic amateurs.
New statement can be used for bitcoin wallet: not open source, not your coins.

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: BitcoinsGreat on September 28, 2023, 03:31:40 PM

By the way, if all closed source wallets are not recommended, why do we use/promote Ledger Nano (Hardware Wallet) ? It is also a closed source as I know.

It is not recommended to use closed source wallets because you cannot review the code, and not because all closed source wallets are unsafe, but we can agree that it is much better to use a well reviewed open source wallet, than a closed source wallet that the code cannot be reviewed. Too many people wrongly think that open source automatically means safety, it doesn't.

Ledger, just like Trezor is a hardware wallet that has been 'around' for a long time, and even though they were closed source, their devices were still recommended until they launched the ledger recover service, as a company that should help you store your keys offline, they ought to know that it is unsafe sending it to third parties, when they initially said it couldn't leave the secure element chip. This is the main reason why Ledger shouldn't be recommended, and other things, like being closed source and telling lies.

JeromeTash

legendary

Activity: 2338

Merit: 1261

Heisenberg

Quote from: BitcoinsGreat on September 28, 2023, 03:31:40 PM

Trust Wallet is even more widely used than the Atomic wallet.

It doesn't matter if it's widely used. A closed source wallet should not be recommended to anyone when there are several open source wallets
The problem with a closed source wallet is that you are most of the time in the blind until a hack happens - Trust Wallet Hacked. Understanding How It Happened and What to Do Next

Quote from: BitcoinsGreat on September 28, 2023, 03:31:40 PM

By the way, if all closed source wallets are not recommended, why do we use/promote Ledger Nano (Hardware Wallet) ? It is also a closed source as I know.

Who is we?

AFAIK, I haven't seen members recommend ledger Nano for a while. It's receiving heavy criticism even when they tried to make a comeback by faking their source code status

Topic: A Non-Custodial wallet, Atomic Wallet, being compromised (Read 2558 times)