Pages:
Author

Topic: Atomic Wallet hacked! Get your funds out now! - page 2. (Read 478 times)

legendary
Activity: 2660
Merit: 2229
https://t1p.de/6ghrf
The Wallet software is no longer available for download at atomicwallet.io. Does anyone know where I can download the current or older versions?
legendary
Activity: 4410
Merit: 4766
but the software can still make API/RPC remote calls into the software where by a remote user can control what the software on your device does
That's a different story and it can not happen at the same time with being open source. Unless the project is unpopular and nobody cares enough to look through the source code, such an obvious attack vector is found rather quickly.

most people that see the word "open source".. just end up trusting the devs and not actually reading the code themselves.. so even open source can employ exploits and bugs which are not found until the attack happens.. and its only then that people then look for the cause and call it out as a fault
legendary
Activity: 3472
Merit: 10611
but the software can still make API/RPC remote calls into the software where by a remote user can control what the software on your device does
That's a different story and it can not happen at the same time with being open source. Unless the project is unpopular and nobody cares enough to look through the source code, such an obvious attack vector is found rather quickly.
full member
Activity: 882
Merit: 100
Wallet is a very important thing in people's life, especially online based wallets.  One of the reasons we often hear that online wallets get hacked is because we share wallet access to different places.We use wallet access in multiple places due to which hackers hack wallet with all our information from there.  I have noticed that many people keep all their money in one wallet, but this is our biggest mistake.Everyone should keep money in multiple wallets.Using hardware wallets instead of software wallets. Because software wallets are easily hacked.  And unknown tokens cannot be add wallet without justification.
legendary
Activity: 4410
Merit: 4766
alot of people in this topic think:
open-source means serverless control.. its does not mean this. it means you can read the source code. that is it

non custodian means serverless control.. it does not mean this. it means you hold the keys. but the software can still make API/RPC (remote calls) into the software where by a remote user can control what the software on your device does

take for example the exchange feature of this wallet. the user handling their phone device just selects an altcoin to trade with. but does not do anything like choosing a bitcoin address to send funds to..
.. instead its the server that hosts all the bids/asks of the exchange and holds all the recipient addresses of all the coins of a trade. its the server that tells a users device a bitcoin address to send funds to and gets the device to sign the transactions and takes that transaction and sends it onto the peer to peer network to bet into a block

just owning the keys is one security. but if that software has remote access to commands, which tell the software/device how to spend funds.. that is a security vulnerability.
sr. member
Activity: 714
Merit: 253
And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a self custody wallet, it isn't a custodial wallet. But Atomic wallet is closed source and any wallet that is closed source is not recommended, with open source wallets users can verify the codes, but if the wallet is closed source you have to trust what the developers tell you about how they generate the keys of their users. The best choice of wallet should be one that is open source, self custody and has a good reputation.

We don't have any proof that this is really an outside hack or they are playing a hoax to get investors' money. But if it's a real wallet vulnerability, then either open source wallet or closed wallet will be attacked equally. This is one of the many risks of investing in bitcoin. Don't always say that just choosing an open source and non-custodial wallet is 100% safe. With the recent events of Ledger and the hacks in the crypto industry, we should emphasize the risks of investing in this market so that everyone becomes more careful and vigilant.
sr. member
Activity: 812
Merit: 315
Vave.com - Crypto Casino
For online wallets I would only use Mycelium or Electrum bitcoin wallets. These are open source bitcoin-only wallets that have been around since 2011.

Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.

Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??
Mycelium wallet supports erc20 smart contract though, so readjust your point, Mycelium is not a Bitcoin only wallet, and this isn't suppose to make the crypto wallet less secured in anyway, sorry if you think like that.

My advice to all crypto newbies is to start using old crypto wallets, go oldies and know peace, Mycelium and few others are old masters in this crypto space, but many newbies want something new.

I doubt that Atomic wallet team will pay for this loss, because the money is big, it's up to 35million dollars that the hackers have stolen, and their main target are users with higher numbers of asset to USD in their wallet.
copper member
Activity: 153
Merit: 10
Professional virtual assistant and writer
One of the victim to this lost nearly over $2.8m - which is so sad thinking about how this person maybe feeling right now. The overall losses have reached over $35M.

It's true that there are risks in storing crypto, even if you are using hardware wallets. How this is a lot. I just hope Atomic wallet will compensate these victims.

By the looks of how things are going nowadays, cyber security will be the growth story for the next 50 to 100 years!
hero member
Activity: 3024
Merit: 745
Top Crypto Casino
One of the victims said that he's into cybersecurity and he didn't know what happened but AFAIK, the funds were sent back to the victims CMIIW.
Knowing that a guy who's profession is into cybersecurity lost his funds onto this wallet, this losses their credibility and even before this incident has happend this is a common thing for most non custodial wallets. And that is to never leave your huge funds there, I can't imagine having millions worth of crypto and storing it on a wallet like this. Maybe they're just confident because they've been using it for years but for an added security, I think they're aware that they should have used something better and a more secured wallet with a small investment needed for the purchase of it and that's a hardware wallet.
sr. member
Activity: 686
Merit: 403
Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

I think this is the 3rd time this thread has been created

A Non-Custodial wallet, Atomic Wallet, being compromised

Atomic wallet probably exploited

Since it's not in a place where everyone can see, shouldn't it be moved, @Wind_FURY should please move his topic to Bitcoin discussion board so everyone can see it and quickly take actions. It's a very serious matter and should be well informed.  

Leave it be, this is a time sensitive warning news that has to be available in every boards on the forum, this is the best way it can get to many people as possible, do you not know that some people only visit few boards on this forum and call it a day?

Some people visits altcoin discussion board for example and once they say one or two things in this board they leave, so OP knows what he is doing.

It is time to start giving up on third party crypto wallet companies, they don't know what they are doing anymore, crypto wallet recovery seed are meant to be offline, they don't have to sync anything like this in the cloud, this is why I always frown on any crypto wallets that are giving their users the option to sync their recovery seed into a cloud storage.

If they are advancing their customers to store their recovery seed in the cloud storage then there are probably doing the data with the wallet's data.
legendary
Activity: 3472
Merit: 10611
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.
Tsk. I don't know what to expect to other wallet that is claimed "non-custodial" wallet anymore. If this kind of structure are followed by other those "non-custodial" wallets then people should think twice using and installing them. Unless they are open source and can be installed by available binaries released of the software for own build.
There has been a lot of cases where the companies use "buzzwords" to attract customers who would later lose their money. Like Binance calling the centralized alt-platform a DEX, or closed source wallets call themselves safe and throw around terms like "non-custodial".

When it comes to security, when certain things are lacking your security is as good as compromised. So when you see a wallet developing team making a silly reasoning like this trying to justify being closed-source, you should know that something is seriously wrong:
Here's our reasoning behind keeping our wallet a partly closed source app:
- Atomic Wallet is a unique product created by a hard-working team.
- We don't want to make scammers' jobs easier.
- We don't want fake apps to boom in numbers.
hero member
Activity: 1554
Merit: 880
pxzone.online
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.
Tsk. I don't know what to expect to other wallet that is claimed "non-custodial" wallet anymore. If this kind of structure are followed by other those "non-custodial" wallets then people should think twice using and installing them. Unless they are open source and can be installed by available binaries released of the software for own build.
hero member
Activity: 644
Merit: 520
Leading Crypto Sports Betting & Casino Platform
~move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a  non-custodian wallet but it is a closed source wallet.
 

The question is can we call a closed-source wallet as a non-custodial wallet?

If we follow Atomic Wallet's non-custodial wallet definition, which is "Non-custodial wallets give you full control over your funds and in most cases provide serverless solutions. The keys stored in an encrypted manner on the user’s device and never leave it out." Does someone truly have full control over one fund, while acknowledging the system that controls their own funds is unknown or closed?

I think with all the given preference, I think the appropriate answer would be NO because noncustodial would mean that the users has full control of his keys for example the open source electrum wallet would be a perfect example of the proposed noncustodial wallets this atomic wallet is claiming to be, and don't understand why its presumably call a noncustodial wallet when there is some breach of the user funds in the wallet.
legendary
Activity: 1932
Merit: 1273
~move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a  non-custodian wallet but it is a closed source wallet.
 

The question is can we call a closed-source wallet as a non-custodial wallet?

If we follow Atomic Wallet's non-custodial wallet definition, which is "Non-custodial wallets give you full control over your funds and in most cases provide serverless solutions. The keys stored in an encrypted manner on the user’s device and never leave it out." Does someone truly have full control over one fund, while acknowledging the system that controls their own funds is unknown or closed?

Specifically for Bitcoin, there are more trusted and especially, an open-sourced, transparent wallet, that is popularly used by many people such as Electrum. On the other hand, in this case, there is a rumour user's seed phrases are sent to the server and the system of the wallet itself is enclosed. I don't think it deserved to be called a non-custody wallet.
hero member
Activity: 686
Merit: 987
Give all before death
I saw this thread there too but was not given too much attention because I am not using Atomic Wallet but with this NotATether thread I became conscious about the wallet. And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a  non-custodian wallet but it is a closed source wallet.
 
member
Activity: 266
Merit: 42
NO SHITCOIN INSIDE
For online wallets I would only use Mycelium or Electrum bitcoin wallets. These are open source bitcoin-only wallets that have been around since 2011.

Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.

Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??
hero member
Activity: 994
Merit: 1089
And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
Atomic wallet is a self custody wallet, it isn't a custodial wallet. But Atomic wallet is closed source and any wallet that is closed source is not recommended, with open source wallets users can verify the codes, but if the wallet is closed source you have to trust what the developers tell you about how they generate the keys of their users. The best choice of wallet should be one that is open source, self custody and has a good reputation.
legendary
Activity: 1064
Merit: 1228
Playgram - The Telegram Casino
This is not good news - of course it is sad news especially as we may soon find out how much user assets were stolen as a result of the hack. This hacking case is currently under investigation, and if indeed some of the members of this community are still store funds there - then immediately make withdrawal to another wallet. This thread should stay on top for some time for good visibility.
legendary
Activity: 1022
Merit: 1341
I saw this thread there too but was not given too much attention because I am not using Atomic Wallet but with this NotATether thread I became conscious about the wallet. And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.
hero member
Activity: 1750
Merit: 589
Atomic Wallet has suffered a serious security breach which has allowed hackers to steal user funds[1]. It is not only on Windows, but also MacOS (Linux I'm not sure. You should not assume your funds are safe.)

Huge apologies, I meant to write unsafe but somehow the autocorrect changed it to "safe" which is completely false.

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

Steps to perform right now:

- Please note the assets that are in your wallet and their derivation paths[2] (if you must type in your password to do this, do it while you are disconnected from the internet. Do not reconnect until Atomic is completely uninstalled.)
- Uninstall Atomic Wallet immediately.
- Sweep your funds to a Bitcoin wallet, your ETH funds to an Ethereum wallet, your XMR funds to a moneto wallet, etc from inside the wallet software - Do not make any transactions from Atomic Wallet. If you need to transfer obscure tokens, swap them on a centralized exchange for a decentralized asset such as Bitcoin or ETH.


[1]: https://www.cryptopolitan.com/atomic-wallet-users-report-losses-as-platform-falls-victim-to-hack/
[2]: https://support.atomicwallet.io/article/146-list-of-derivation-paths
This is most likely a data breach, but a really nasty reveal of how these "self-custodial wallets" aren't so "self-custodial" at all. utterly disappointing.
The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.
Someone got a hold of sensitive data from the Atomic Wallet's servers, supposedly from a security flaw within the piles of codes that atomic has made. They abused such flaw and then from there, the hacking of wallets begun. Picture it this way, you're renting an apartment (atomic wallet user) from your kind landlord (Atomic Wallet itself), you have your key and all that to protect you from thieves, but at the same time your landlord requires a copy of every key you would have for your apartment as well, until such a day came around when your landlord's main abode got broken into from a security flaw, and then from there the pandemonium begins as the thieves got a hold of every key in their property, stealing everything they could from every room.

That's basically how it went down.
Pages:
Jump to: