
Topic: A Non-Custodial wallet, Atomic Wallet, being compromised - page 3. (Read 2562 times)

hero member
Activity: 644
Merit: 661
- Jay -
...so support recommended I download the wallet to another device and I did, to my cell phone on May 31, from the Apple store. I believe that my account was compromised when I entered the seed phrase on my iPhone. What do you think?
Unless your iPhone was compromised, there is no way to know if your wallet was breached when you imported it into your mobile device.

The time frame between you importing the seed phrase and the wallet hack announcement is very close and since they probably released an update late it is very plausible that their system malfunction caused you to not be able to send your EOS coins out.

I think Atomic being a closed source wallet should not be used, along with other closed source, custodial wallets.

- Jay -
newbie
Activity: 78
Merit: 0
I was one of those hacked. I always use Atomic Wallet on a dedicated laptop that is not used for anything else other than a wallet. I couldn't get my EOS to send, so support recommended I download the wallet to another device and I did, to my cell phone on May 31, from the Apple store. I believe that my account was compromised when I entered the seed phrase on my iPhone. What do you think?
legendary
Activity: 2898
Merit: 1823
Just did a quick look around, has there been ANY update anywhere on this?

None that I have heard or seen of, I think the bigger issue here is that Atomic Wallet doesn't know what caused the mass attack of their customers, so I don't think we are looking forward to any update. It is closed source, they don't know what caused the hack, then it can happen again!


Because it's closed source doesn't mean that they do not know what caused the hack, they probably do. It should actually be BECAUSE it's closed source that the community should be more suspicious. The Atomic developers can check the code, but the open source community can't. What could go wrong?

¯\_(ツ)_/¯
legendary
Activity: 1148
Merit: 3117
For anyone that wants to keep updated regarding Atomic Wallet hack, this[1] Twitter account may be useful to follow. They share relevant updates regarding anything to do with the hack which is still enshrouded in a veil of mystery. I have some reasons to believe that Atomic will eventually cease to exist in the next couple of months.

[1]https://nitter.nl/whathappenedwaw
hero member
Activity: 630
Merit: 510
that

We don't know that THEY don't know what happened. All we know is that WE don't know since they have not told us.

They care more about promoting their service than even customer safety, and I wouldn't be surprised if the recent hack was caused by a former employee or an internal attack. I tried to search for words such as atomic wallet, atomic wallet review using some browsers and different IP addresses and I did not find any details about this hack on the first page. Even Google keywords like atomic wallet hack will get a link like Atomic Wallet Claims 'Less Than 0.1%' of Users Affected by $100M Hack

Their reputation is so shot at this point it probably does not matter for people here who pay attention, but since they are still out there someone else is still going to lose their funds

Our role should be to show how bad this wallet is as a first result in search engines and to convince ChangeNOW's third-party services to stop supporting them (although ChangeNOW has a long history of suspicious activity)
legendary
Activity: 3500
Merit: 6320
Just did a quick look around, has there been ANY update anywhere on this?
None that I have heard or seen of, I think the bigger issue here is that Atomic Wallet doesn't know what caused the mass attack of their customers, so I don't think we are looking forward to any update. It is closed source, they don't know what caused the hack, then it can happen again!
Just seems odd that all of a sudden, no more discussion. Although, the other side of it is how much more than 'they suck, don't use them' can be said.
They are closed source, so they were not really "safe" even before the hack, and no matter how many times we can say 'don't use them', so many people are still using Atomic Wallet. If after all the recent events regarding the collapse of centralized exchanges and earning platforms, people still use them to store their funds and to earn APY, surely people are still going to use Atomic Wallet to hold their funds after this hack.
that

We don't know that THEY don't know what happened. All we know is that WE don't know since they have not told us.

But the lack of updates, even to the extent of not posting a 'we don't know what went wrong still looking' is just a total lack of customer service / caring.

Their reputation is so shot at this point it probably does not matter for people here who pay attention, but since they are still out there someone else is still going to lose their funds

-Dave
legendary
Activity: 994
Merit: 1089
Just did a quick look around, has there been ANY update anywhere on this?
None that I have heard or seen of, I think the bigger issue here is that Atomic Wallet doesn't know what caused the mass attack of their customers, so I don't think we are looking forward to any update. It is closed source, they don't know what caused the hack, then it can happen again!
Just seems odd that all of a sudden, no more discussion. Although, the other side of it is how much more than 'they suck, don't use them' can be said.
They are closed source, so they were not really "safe" even before the hack, and no matter how many times we can say 'don't use them', so many people are still using Atomic Wallet. If after all the recent events regarding the collapse of centralized exchanges and earning platforms, people still use them to store their funds and to earn APY, surely people are still going to use Atomic Wallet to hold their funds after this hack.
legendary
Activity: 3500
Merit: 6320
Just did a quick look around, has there been ANY update anywhere on this?

At this point they are not ever going to be considered secure again, but they seem to have just stopped mentioning it and as far as I can tell so have a lot of the online places that I read.

Just seems odd that all of a sudden, no more discussion. Although, the other side of it is how much more than 'they suck, don't use them' can be said.

-Dave
hero member
Activity: 714
Merit: 1010
One honestly wonders how they came up with the ~1% or ~0.1% of the affected users?
How do they differentiate addresses/seeds created through their wallet from those created through other wallets?
Because they log everything you do. It's a closed source wallet which communicates exclusively through their servers. They know exactly how many users they have, and exactly which addresses belong to whom.

I remember having read somewhere (sorry, no sources to quote) that Atomic Wallet uses a hash of the recovery words as a wallet identifier and this wallet identifier appears to be communicated to the backend for whatever reasons. So Atomic Wallet knows exactly how many distinct wallets there are that talk back to their infrastructure.

Download numbers are not very accurate and might be counted multiple times for a single individual. The internal wallet identifier of active wallets is much more accurate, but no public data.
legendary
Activity: 2212
Merit: 7064
What is the best choice for me? and Why?
Best choice for you is to stop using so much shitcoins and switch to using mostly Bitcoin.
As a gradual transition you can try using Unstoppable wallet, that works on mobile devices and it is open source, but I am not sure if it supports all the coins you mentioned.
Best choice is using open source hardware wallets like Trezor, Bitbox or Keystone because they have good support for coins.
Don't use any closed source or custodial wallets.
member
Activity: 1191
Merit: 78
What is the best choice for me? and Why?

+ Thanks in advance and to anyone who contributed in this thread.
Both Guarda and Exodus Wallet are not open source; there's a chance that there are some flaws or back doors in the wallet which is yet to be known since no hack or dev exit scam has happened.
The best choice is for you to get a hardware wallet due to ease of use (however you need to learn how to use it safely in order not to expose your crypto to danger), secure transactions, security, etc.
legendary
Activity: 1148
Merit: 3117
Sell all the shitcoins for BTC and then store the BTC in either an open source hardware wallet such as Passport or on an airgapped cold storage device using Electrum.

If you want to keep holding shitcoins for some reason, then you are going to be stuck using insecure or closed source wallets. Your best bet will be some multi-coin hardware wallet.
The only wallet that comes to my mind that ticks the box of being open source and having their code reproducible[1] is Trezor Model T[2]. As it currently stands and considering some recent decisions I can no longer recommend moha sasa to buy it, but I guess that he is also free to read up on the recent changes that Trezor made and decide for himself if he's comfortable with them.

If it was me I would follow the suggestion made by o_e_l_e_o @moha sasa - the coins that you are currently holding basically are the ones that keep appearing on the news over and over again in the past months/years and I understand that you might want to try your luck in securing profits in the long run. However, as I don't fully understand their applicability/usage/"worthiness"(?) in the real world I would also sell them all and buy bitcoin instead.

Note: While searching for an open source wallet for holding your coins you may find Keystone[3]. However be advised that it may not be as open source as it looks considering that you have to sign an NDA[4] in order to view sections of the code that aren't available in their GitHub.

[1]https://walletscrutiny.com/hardware/trezorT/
[2]https://trezor.io/trezor-model-t
[3]https://github.com/KeystoneHQ
[4]https://walletscrutiny.com/hardware/cobovaultessential/
hero member
Activity: 630
Merit: 510
I own 12 coins (BTC - ETH - XRP - ADA - SOL - DOT - LTC - MATIC - BCH - AVAX - XLM - DASH)
You have limited options for a good, open source multi-currency wallet, and those options may be limited to Unstoppable wallet which may have sync issues or slow sync.

The best thing is to be wise in your investments and try to reduce altcoin investment, because you do not diversify your investments, but rather increase the risk potential while reducing the return on investment. In this case, hardware wallets give a safe and easy-to-manage option instead of software wallets.

Find a suitable option here https://wallets.thebitcoinhole.com/ and ask the community if it is suitable for you.

legendary
Activity: 2268
Merit: 18771
One honestly wonders how they came up with the ~1% or ~0.1% of the affected users?
How do they differentiate addresses/seeds created through their wallet from those created through other wallets?
Because they log everything you do. It's a closed source wallet which communicates exclusively through their servers. They know exactly how many users they have, and exactly which addresses belong to whom.

What is the best choice for me? and Why?
Sell all the shitcoins for BTC and then store the BTC in either an open source hardware wallet such as Passport or on an airgapped cold storage device using Electrum.

If you want to keep holding shitcoins for some reason, then you are going to be stuck using insecure or closed source wallets. Your best bet will be some multi-coin hardware wallet.
hero member
Activity: 2254
Merit: 680
After reading this thread I decided to remove all of my coins from Guarda & Exodus

What is the best choice for me? and Why?

Your concern has nothing to do with the Atomic Wallet incident, the reason to remove it sounds absurd, although it is true that the two wallets you used weren't the best advice but it's for other reasons.
I didn't find any better multi-coin wallet recommendations in this forum besides mycelium if you see the innate characteristics. However, the last security protection is in your hands. DWYOR
jr. member
Activity: 35
Merit: 2
I own 12 coins (BTC - ETH - XRP - ADA - SOL - DOT - LTC - MATIC - BCH - AVAX - XLM - DASH)

in 2 Guarda wallets (one of them is on Win 10 PC and the other is on a Linux Mint PC) and Exodus wallet (on Samsung Android V.13)

After reading this thread I decided to remove all of my coins from Guarda & Exodus

What is the best choice for me? and Why?

+ Thanks in advance and to anyone who contributed in this thread.
copper member
Activity: 2198
Merit: 1837
IIRC in their earlier blog posts they stated something like only ~1% of users were affected, now in their recent statement a few days ago it's ~0.1% which is a difference and it smells fishy. Does this explain anything? Of course, not! Their statement is more like fog and mirrors and in the bad situation it's embarrassingly empty of investigative findings. The amount of downplay is striking and shocking.
One honestly wonders how they came up with the ~1% or ~0.1% of the affected users?
How do they differentiate addresses/seeds created through their wallet from those created through other wallets?

Something is definitely so fishy



So it looks like they have pushed a new "mandatory security update". I couldn't find any information about it though, there's no mention of it on their Twitter account or even the release history page: https://support.atomicwallet.io/article/339-release-history
https://i.ibb.co/zNjjBvf/photo-2023-06-28-18-21-06.jpg
They should just shut down their lousy app. Much better than pushing updates that no one knows about, let alone what exactly happened due to the security breach.
staff
Activity: 3500
Merit: 6152
So it looks like they have pushed a new "mandatory security update". I couldn't find any information about it though, there's no mention of it on their Twitter account or even the release history page: https://support.atomicwallet.io/article/339-release-history


hero member
Activity: 714
Merit: 1010
IIRC in their earlier blog posts they stated something like only ~1% of users were affected, now in their recent statement a few days ago it's ~0.1% which is a difference and it smells fishy. Does this explain anything? Of course, not! Their statement is more like fog and mirrors and in the bad situation it's embarrassingly empty of investigative findings. The amount of downplay is striking and shocking.

Three weeks have passed and Atomic Wallet publishes such a shit statement telling barely nothing but we have no clue or between the lines you could read it: we better tell we have no clue 'cause we screwed up really badly.
legendary
Activity: 2898
Merit: 1823
How high is the possibility that the AtomicWallet developers backdoored their own software? Because it's so unexplainable why they still haven't shut their whole infrastructure down, or that they still allow for the wallet to be downloaded?

The Bitcoin community, and all of cryptocurrencies would receive another massive "LOSS" if some nefarious motive was found in the source code.

I would hate to post another tin-foil hat idea, but if there was something in the code, I would say that someone in Atomic's team is a plant.


It's difficult to say since they haven't shared any information. This is their latest post: https://twitter.com/AtomicWallet/status/1669750121586737152

If there was a backdoor by one of the employees (without the rest of the staff's knowledge), they would've fixed it but as we can see, it's been some time since they last updated the software: https://support.atomicwallet.io/article/339-release-history

Also, from my understanding of the tweet above, this "backdoor" has something to do with Ethereum (or maybe EVM chains in general), but if we check the article talking about the hack, we can see that BTC has been stolen as well.

It's actually mind-blowing how silent they are when they have 100M $ of user funds completely gone. I personally still suspect they have the private keys (or at least some of them) stored in their servers.


Their team released a blog three days ago, saying that there weren't any new breaches since June 3rd, more specifically no new cases reported. They also said that total percentage of users that had their coins stolen were less than 0.1% of Atomic app users.

They post it like it's something good because if there's truly a flaw, an exploit, or a backdoor then "0.1%" is just the start of a potentially massive breach.

What I want to know is, when will it be considered a more serious matter, and at what point should the users start suing the developers for negligence?