Finally we get a statement[1] from Atomic Wallet after 18 days of radio silence regarding what might have caused the draining of the wallets. Here's a few highlights from it:
The team has researched various potential causes, the most probable of which are virus targeting on local users devices, infrastructure breach, malware code injection, or a man-in-the-middle attack. At the moment, none of the possible issues are confirmed as potentially causing massive breaches, as such types of attacks are very hard to recognize.
Our top priority is to help as many affected users as we can. We are actively working with crypto incidents investigators and authorities. The next step will be working on a legal framework for seizing frozen deposits and distributing them among affected users. We will update the community when there are more details on this front, and we ask for your patience.
To summarize, less than 0.1% of Atomic Wallet app users have been affected. No new cases have been reported since June 3rd. None of the possible issues are confirmed as potentially causing massive breaches, at least in the latest Atomic app versions. Builds are verified by external auditors. Our security infrastructure has been updated, and the investigation is still ongoing.
It seems like that they still have no clue for what might have caused this hack. This is a bit scary - if they haven't patched anything, what is stopping the hackers from continuing to drain the wallets? Are they purposely holding the draining so that users think that it is safer now only to attack once again in a near future?
As for compensation for their users, it seems like they are aiming to freeze whatever assets they manage and then distribute them accordingly. In what grounds and how remains unclear but one thing is certain - Most of the affected users won't ever see their crypto. As of now I'm still baffled that they have any customers at all still using their service. It seems that I'm more worried than them regarding the security of their crypto, and I'm not even a user of Atomic Wallet
.
[1]
https://atomicwallet.io/blog/june-3rd-event-statement