Pages:
Author

Topic: A Non-Custodial wallet, Atomic Wallet, being compromised - page 9. (Read 2562 times)

legendary
Activity: 2380
Merit: 5213
Sad day for Atomic Wallet users, It's (another) stark reminder. Not your keys, not your coins.
Atomic wallet is a non-custodial wallet and gives you the private keys. The problem with Atomic wallet is that it's close source and there is no way to know how the keys have been generated and whether the user is the only who has access to the keys or not.
hero member
Activity: 1439
Merit: 513
Sad day for Atomic Wallet users, It's (another) stark reminder. Not your keys, not your coins.
hero member
Activity: 3038
Merit: 617

So many users lost thier altcoins. Even so its not fun losing a huge quantity of those tokens like XRP or ADA. This is the kind of hacks that users will question whether the Wallet developer is liable. Because if they store those tokens on exchange like Binance, users who lost tokens could have refunded.

The wallet is not opensource by the way.
legendary
Activity: 1148
Merit: 3117
After reading some comments on both the Reddit official thread[1] and their Twitter thread[2], I feel sorry for the people that lost their funds. According to this[3] user from Twitter, he estimates that a minimum of $20m has been stolen (so far at least). Match Systems appears to have some lead[4] regarding what might have caused this hack:
Quote
The breach was instigated by a recent update to the Atomic Wallet's official website. It appears the attackers gained access to user private keys and passwords by modifying the source code of the application on the server.
If true, then I'm not sure if they will be able to stop the hacker from keep sucking away their users funds. It's just a matter of time until all wallets are drained (whoever was able to exploit this surely has a way to automate this process).

[1]https://safereddit.com/r/atomicwallet/comments/13z9wdw/we_are_investigating/
[2]https://nitter.it/AtomicWallet/status/1664946301815910400
[3]https://nitter.it/zachxbt/status/1665151915355676674
[4]https://nitter.it/MatchSystems/status/1665116869450145792
legendary
Activity: 2380
Merit: 5213
It's sad news, we thought that using a non-custodial wallet is safe, in fact, there's no really safe over the internet.
It's safe to use a trustworthy open-source non-custodial wallet (preferably on an airgapped device) and that has been said many times in many threads on this forum. It's not that any non-custodial wallet is recommended.


Transferring their fund by importing the 12 words into other wallets like Electrum might be a good step or any wallets that support importing BIP39 seed phrases.
You don't make your wallet more secure, just with importing your seed phrase into a secure wallet like electrum. You should create a new wallet and send all the fund to that.
legendary
Activity: 2534
Merit: 1233
It's sad news, we thought that using a non-custodial wallet is safe, in fact, there's no really safe over the internet.
Just wanted to know now how much worth was being stolen by hackers, I saw comments on Twitter, other wallets are fine and some are drained out I start thinking now of what version of the wallet and what software they use.

I think should also be visible in the Beginners and Help section to warn newbies out there and start importing their wallets to those who are not yet affected.  Transferring their fund by importing the 12 words into other wallets like Electrum might be a good step or any wallets that support importing BIP39 seed phrases.
legendary
Activity: 2366
Merit: 1272
Heisenberg
I have seen reports of users losing their funds, and they even have no idea what happened since they never exposed their private keys or seeds.
One more reason never to trust closed source wallets.

Interesting posts of their Subreddit: https://www.reddit.com/r/atomicwallet/
legendary
Activity: 1526
Merit: 1359
I couldn't find any specific information on whether incident reports are related to a particular platform, such as desktop or mobile, or if they are related to all wallet versions. It would be helpful to have more clarity on this matter.

By the way, why is this thread in the Web wallets section?
staff
Activity: 3500
Merit: 6152
-snip-
is it still possible for Atomic walet users to transfer funds?

They should be able to but if not, they can always recover their wallet somewhere else and then transfer funds from there.
sr. member
Activity: 616
Merit: 442
Forum Only For Fun
This announcement/warning made six hours ago through Atomic Wallet's Twitter account.

If you're an Atomic Wallet user, send them out to another wallet ASAP.
A news that will make many users disappointed if all the funds stored in the AtomicWallet wallet are lost.
There is a twitter account with the username @Christomos03 replying to a tweet made by AtomicWallet with a reply requesting that the lost funds be returned. Promptly replied by @zachxbt asking to send a DM with the transaction hash of the stolen funds.

It's been 8 hours since the information was made by AtomicWallet that they were compromised, is it still possible for Atomic walet users to transfer funds?

Any bitcoin wallet, that also support altcoins or not should not be used anymore if they can not follow the recent standards.
What about other wallets that support multiple coins?
staff
Activity: 3500
Merit: 6152
It could be a phishing attack targeting their users. I don't see how their software can be compromised unless they were lying about how are the private keys generated and them being non custodial.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I wonder why people should still be using a wallet that support only legacy address when there is Segwit today. Any bitcoin wallet, that also support altcoins or not should not be used anymore if they can not follow the recent standards.
legendary
Activity: 2898
Merit: 1823
This announcement/warning made six hours ago through Atomic Wallet's Twitter account.

Quote

We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly.

For any questions and concerns, contact [email protected]

https://twitter.com/AtomicWallet/status/1664946301815910400?cxt=HHwWgMCzneP1iZsuAAAA


It's still being investigated, and no one actually knows if their software is really being compromised or not. But better be safe than to lose all of your coins/savings. If you're an Atomic Wallet user, send them out to another wallet ASAP.
Pages:
Jump to: