Topic: Atomic Wallet hacked! Get your funds out now! - page 2. (Read 478 times)
The Wallet software is no longer available for download at atomicwallet.io. Does anyone know where I can download the current or older versions?
but the software can still make API/RPC remote calls into the software where by a remote user can control what the software on your device does
That's a different story and it can not happen at the same time with being open source. Unless the project is unpopular and nobody cares enough to look through the source code, such an obvious attack vector is found rather quickly.most people that see the word "open source".. just end up trusting the devs and not actually reading the code themselves.. so even open source can employ exploits and bugs which are not found until the attack happens.. and its only then that people then look for the cause and call it out as a fault
but the software can still make API/RPC remote calls into the software where by a remote user can control what the software on your device does
That's a different story and it can not happen at the same time with being open source. Unless the project is unpopular and nobody cares enough to look through the source code, such an obvious attack vector is found rather quickly. 
Wallet is a very important thing in people's life, especially online based wallets. One of the reasons we often hear that online wallets get hacked is because we share wallet access to different places.We use wallet access in multiple places due to which hackers hack wallet with all our information from there. I have noticed that many people keep all their money in one wallet, but this is our biggest mistake.Everyone should keep money in multiple wallets.Using hardware wallets instead of software wallets. Because software wallets are easily hacked. And unknown tokens cannot be add wallet without justification.
alot of people in this topic think:
open-source means serverless control.. its does not mean this. it means you can read the source code. that is it
non custodian means serverless control.. it does not mean this. it means you hold the keys. but the software can still make API/RPC (remote calls) into the software where by a remote user can control what the software on your device does
take for example the exchange feature of this wallet. the user handling their phone device just selects an altcoin to trade with. but does not do anything like choosing a bitcoin address to send funds to..
.. instead its the server that hosts all the bids/asks of the exchange and holds all the recipient addresses of all the coins of a trade. its the server that tells a users device a bitcoin address to send funds to and gets the device to sign the transactions and takes that transaction and sends it onto the peer to peer network to bet into a block
just owning the keys is one security. but if that software has remote access to commands, which tell the software/device how to spend funds.. that is a security vulnerability.
open-source means serverless control.. its does not mean this. it means you can read the source code. that is it
non custodian means serverless control.. it does not mean this. it means you hold the keys. but the software can still make API/RPC (remote calls) into the software where by a remote user can control what the software on your device does
take for example the exchange feature of this wallet. the user handling their phone device just selects an altcoin to trade with. but does not do anything like choosing a bitcoin address to send funds to..
.. instead its the server that hosts all the bids/asks of the exchange and holds all the recipient addresses of all the coins of a trade. its the server that tells a users device a bitcoin address to send funds to and gets the device to sign the transactions and takes that transaction and sends it onto the peer to peer network to bet into a block
just owning the keys is one security. but if that software has remote access to commands, which tell the software/device how to spend funds.. that is a security vulnerability.
And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a self custody wallet, it isn't a custodial wallet. But Atomic wallet is closed source and any wallet that is closed source is not recommended, with open source wallets users can verify the codes, but if the wallet is closed source you have to trust what the developers tell you about how they generate the keys of their users. The best choice of wallet should be one that is open source, self custody and has a good reputation.We don't have any proof that this is really an outside hack or they are playing a hoax to get investors' money. But if it's a real wallet vulnerability, then either open source wallet or closed wallet will be attacked equally. This is one of the many risks of investing in bitcoin. Don't always say that just choosing an open source and non-custodial wallet is 100% safe. With the recent events of Ledger and the hacks in the crypto industry, we should emphasize the risks of investing in this market so that everyone becomes more careful and vigilant.
For online wallets I would only use Mycelium or Electrum bitcoin wallets. These are open source bitcoin-only wallets that have been around since 2011.
Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.
Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??
Mycelium wallet supports erc20 smart contract though, so readjust your point, Mycelium is not a Bitcoin only wallet, and this isn't suppose to make the crypto wallet less secured in anyway, sorry if you think like that. Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.
Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??
My advice to all crypto newbies is to start using old crypto wallets, go oldies and know peace, Mycelium and few others are old masters in this crypto space, but many newbies want something new.
I doubt that Atomic wallet team will pay for this loss, because the money is big, it's up to 35million dollars that the hackers have stolen, and their main target are users with higher numbers of asset to USD in their wallet.
One of the victim to this lost nearly over $2.8m - which is so sad thinking about how this person maybe feeling right now. The overall losses have reached over $35M.
It's true that there are risks in storing crypto, even if you are using hardware wallets. How this is a lot. I just hope Atomic wallet will compensate these victims.
By the looks of how things are going nowadays, cyber security will be the growth story for the next 50 to 100 years!
It's true that there are risks in storing crypto, even if you are using hardware wallets. How this is a lot. I just hope Atomic wallet will compensate these victims.
By the looks of how things are going nowadays, cyber security will be the growth story for the next 50 to 100 years!
One of the victims said that he's into cybersecurity and he didn't know what happened but AFAIK, the funds were sent back to the victims CMIIW.
Knowing that a guy who's profession is into cybersecurity lost his funds onto this wallet, this losses their credibility and even before this incident has happend this is a common thing for most non custodial wallets. And that is to never leave your huge funds there, I can't imagine having millions worth of crypto and storing it on a wallet like this. Maybe they're just confident because they've been using it for years but for an added security, I think they're aware that they should have used something better and a more secured wallet with a small investment needed for the purchase of it and that's a hardware wallet.
Knowing that a guy who's profession is into cybersecurity lost his funds onto this wallet, this losses their credibility and even before this incident has happend this is a common thing for most non custodial wallets. And that is to never leave your huge funds there, I can't imagine having millions worth of crypto and storing it on a wallet like this. Maybe they're just confident because they've been using it for years but for an added security, I think they're aware that they should have used something better and a more secured wallet with a small investment needed for the purchase of it and that's a hardware wallet.
Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.
I think this is the 3rd time this thread has been created
A Non-Custodial wallet, Atomic Wallet, being compromised
Atomic wallet probably exploited
Since it's not in a place where everyone can see, shouldn't it be moved, @Wind_FURY should please move his topic to Bitcoin discussion board so everyone can see it and quickly take actions. It's a very serious matter and should be well informed.
Some people visits altcoin discussion board for example and once they say one or two things in this board they leave, so OP knows what he is doing.
It is time to start giving up on third party crypto wallet companies, they don't know what they are doing anymore, crypto wallet recovery seed are meant to be offline, they don't have to sync anything like this in the cloud, this is why I always frown on any crypto wallets that are giving their users the option to sync their recovery seed into a cloud storage.
If they are advancing their customers to store their recovery seed in the cloud storage then there are probably doing the data with the wallet's data.
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.
Tsk. I don't know what to expect to other wallet that is claimed "non-custodial" wallet anymore. If this kind of structure are followed by other those "non-custodial" wallets then people should think twice using and installing them. Unless they are open source and can be installed by available binaries released of the software for own build.When it comes to security, when certain things are lacking your security is as good as compromised. So when you see a wallet developing team making a silly reasoning like this trying to justify being closed-source, you should know that something is seriously wrong:
Here's our reasoning behind keeping our wallet a partly closed source app:
- Atomic Wallet is a unique product created by a hard-working team.
- We don't want to make scammers' jobs easier.
- We don't want fake apps to boom in numbers.
- Atomic Wallet is a unique product created by a hard-working team.
- We don't want to make scammers' jobs easier.
- We don't want fake apps to boom in numbers.
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.
Tsk. I don't know what to expect to other wallet that is claimed "non-custodial" wallet anymore. If this kind of structure are followed by other those "non-custodial" wallets then people should think twice using and installing them. Unless they are open source and can be installed by available binaries released of the software for own build. 
~move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a non-custodian wallet but it is a closed source wallet.The question is can we call a closed-source wallet as a non-custodial wallet?
If we follow Atomic Wallet's non-custodial wallet definition, which is "Non-custodial wallets give you full control over your funds and in most cases provide serverless solutions. The keys stored in an encrypted manner on the user’s device and never leave it out." Does someone truly have full control over one fund, while acknowledging the system that controls their own funds is unknown or closed?
~move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a non-custodian wallet but it is a closed source wallet.The question is can we call a closed-source wallet as a non-custodial wallet?
If we follow Atomic Wallet's non-custodial wallet definition, which is "Non-custodial wallets give you full control over your funds and in most cases provide serverless solutions. The keys stored in an encrypted manner on the user’s device and never leave it out." Does someone truly have full control over one fund, while acknowledging the system that controls their own funds is unknown or closed?
Specifically for Bitcoin, there are more trusted and especially, an open-sourced, transparent wallet, that is popularly used by many people such as Electrum. On the other hand, in this case, there is a rumour user's seed phrases are sent to the server and the system of the wallet itself is enclosed. I don't think it deserved to be called a non-custody wallet.
I saw this thread there too but was not given too much attention because I am not using Atomic Wallet but with this NotATether thread I became conscious about the wallet. And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a non-custodian wallet but it is a closed source wallet.
For online wallets I would only use Mycelium or Electrum bitcoin wallets. These are open source bitcoin-only wallets that have been around since 2011.
Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.
Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??
Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.
Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??
And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a self custody wallet, it isn't a custodial wallet. But Atomic wallet is closed source and any wallet that is closed source is not recommended, with open source wallets users can verify the codes, but if the wallet is closed source you have to trust what the developers tell you about how they generate the keys of their users. The best choice of wallet should be one that is open source, self custody and has a good reputation. 
This is not good news - of course it is sad news especially as we may soon find out how much user assets were stolen as a result of the hack. This hacking case is currently under investigation, and if indeed some of the members of this community are still store funds there - then immediately make withdrawal to another wallet. This thread should stay on top for some time for good visibility.
I saw this thread there too but was not given too much attention because I am not using Atomic Wallet but with this NotATether thread I became conscious about the wallet. And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic Wallet has suffered a serious security breach which has allowed hackers to steal user funds[1]. It is not only on Windows, but also MacOS (Linux I'm not sure. You should not assume your funds are safe.)
Huge apologies, I meant to write unsafe but somehow the autocorrect changed it to "safe" which is completely false.
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.
Steps to perform right now:
- Please note the assets that are in your wallet and their derivation paths[2] (if you must type in your password to do this, do it while you are disconnected from the internet. Do not reconnect until Atomic is completely uninstalled.)
- Uninstall Atomic Wallet immediately.
- Sweep your funds to a Bitcoin wallet, your ETH funds to an Ethereum wallet, your XMR funds to a moneto wallet, etc from inside the wallet software - Do not make any transactions from Atomic Wallet. If you need to transfer obscure tokens, swap them on a centralized exchange for a decentralized asset such as Bitcoin or ETH.
[1]: https://www.cryptopolitan.com/atomic-wallet-users-report-losses-as-platform-falls-victim-to-hack/
[2]: https://support.atomicwallet.io/article/146-list-of-derivation-paths
This is most likely a data breach, but a really nasty reveal of how these "self-custodial wallets" aren't so "self-custodial" at all. utterly disappointing.Huge apologies, I meant to write unsafe but somehow the autocorrect changed it to "safe" which is completely false.
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.
Steps to perform right now:
- Please note the assets that are in your wallet and their derivation paths[2] (if you must type in your password to do this, do it while you are disconnected from the internet. Do not reconnect until Atomic is completely uninstalled.)
- Uninstall Atomic Wallet immediately.
- Sweep your funds to a Bitcoin wallet, your ETH funds to an Ethereum wallet, your XMR funds to a moneto wallet, etc from inside the wallet software - Do not make any transactions from Atomic Wallet. If you need to transfer obscure tokens, swap them on a centralized exchange for a decentralized asset such as Bitcoin or ETH.
[1]: https://www.cryptopolitan.com/atomic-wallet-users-report-losses-as-platform-falls-victim-to-hack/
[2]: https://support.atomicwallet.io/article/146-list-of-derivation-paths
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.
People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.
That's basically how it went down.
Jump to: