Atomic Wallet hacked! Get your funds out now! - page 3.

Die_empty

hero member

Activity: 686

Merit: 987

Give all before death

Quote from: pawanjain on June 04, 2023, 12:03:12 PM

Quote from: NotATether on June 04, 2023, 07:50:44 AM

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.

Atomic wallet might be a non-custodian wallet but just like trust wallet, it is a closed-source wallet. Malicious apps can be imputed to the code by criminals or even compromised staff can carry out this attack. One of the benefits of open-sourced wallets is that these attack or bad codes can be identified easily and corrections could be made before it causes any harm. So the not your keys, not your coins message should be added with the need to use only open-sourced wallets. It is sad to see people lose their hard-earned income because they believed that since they own the keys their funds are safe. Victims are waiting for more news from the company's officials.

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: pawanjain on June 04, 2023, 12:03:12 PM

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.

You are not correct, a self custody wallet like Electrum that is open source is safe if the user backs up their seed phrase safely, and in more than one location, as well as practising great operational security too. But when a wallet is closed source, even if it is a self custody wallet, it isn't safe because you don't know how they generate the seed phrase or keys, or if everything they tell their users is true. Needless to say that Atomic wallet is closed source, so there may have been a flaw in how they are generating their users keys and seed phrase and probably an attacker has exploited this to steal funds.

pawanjain

hero member

Activity: 2702

Merit: 716

Nothing lasts forever

Quote from: NotATether on June 04, 2023, 07:50:44 AM

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.

Ultegra134

hero member

Activity: 1680

Merit: 845

Quote from: Jawhead999 on June 04, 2023, 08:58:03 AM

Quote from: so98nn on June 04, 2023, 08:39:16 AM

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

I'm sorry, but isn't the Atomic wallet supposed to be non-custodial? If so, how do they have access to private keys? Has this information been confirmed, because in another thread someone mentioned that it could be a phishing attack that targeted Atomic's users, not that private keys were leaked. More and more wallets are being compromised, including a few hardware ones. A year ago, I read an article regarding TrustWallet. I can't recall any details, but it seems to be a rather frequent issue, which makes us wonder: are our funds truly safe? What can we do in order to be 100% certain that we're secured, and worst of all, is it even possible?

franky1

legendary

Activity: 4270

Merit: 4534

atomic wallet is not just a wallet. its a built-in exchange. and im GUESSING that the exploit is more to do with the mechanisms of exchanging funds rather than just the wallet function.

after all even though the user chooses a altcoin to swap with and presses send. the user is not choosing a destination address or manually choosing where his funds go to.. (he doesnt communicate with the swap recipient to get their address)

behind the scenes alot more has to happen in the actual exchange process like choosing destinations of who gets the btc in that exchange for an altcoin. thus details are transfered/received with a central server....
a phone wallet is not a node that makes connections to 5million other phones. it connects to a central server which hosts all the bids/asks offers and manages the swaps by the server supplying/setting the destinations for the swaps and making the signing process calls.. its not as decentralised as people think.

so a guy at the server or a hacker can simply make the destination addresses of a swap become the "hackers" address. because users doing swaps dont manually type in the address of whom they are swapping with.. the server does all that

hd49728

legendary

Activity: 2044

Merit: 1018

Not your keys, not your coins!

Quote from: Jawhead999 on June 04, 2023, 08:58:03 AM

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

The same for Ledger Recovery Service which splits seed words to three shards. Ledger claims that it is safe but who knows. As a Bitcoin users, you put your keys, seed words into hands of Ledger and two more entities. I am sorry but I can not trust anyone to hold my seed, private key. With Ledger Recovery Service, risk will be trippled.

Quote

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

People just get it wrong. Password of a wallet only protect your wallet file, encrypt that file and prevent hackers to access the file too easily. However, if hackers know your wallet seeds, the wallet password is non sense.

Same with 2-factor authentication, if hacks happen at serious scale, it can not save you.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

8 months ago, some guy on YouTube had his atomic wallet hacked and all ($900) worth of Bitcoins were stolen from it. (for some reason the idiot hacker did not steal his other assets.) He had 2FA enabled and changed his password multiple times: https://youtu.be/0QBu4BncFqQ

It is incredibly shocking how lax the security of this wallet is, if a random guy can just break into your secured wallet and steal the coins inside.

bettercrypto

sr. member

Activity: 1498

Merit: 271

DGbet.fun - Crypto Sportsbook

It happened just yesterday, and it looks like a phishing attack. For its users, I think they still have a chance to get their assets out of the atomic wallet right away. These hackers are really perverse to non-custodial wallets. When there is a chance, they will really take it.

So the community here in cryptocurrency will not lose to worry about this kind of news of robbery in its wallet accounts. The security of non-custodial wallets still needs to be improved so that trust and peace of mind are not lost.

khiholangkang

hero member

Activity: 2184

Merit: 599

Quote from: Jawhead999 on June 04, 2023, 08:58:03 AM

Quote from: so98nn on June 04, 2023, 08:39:16 AM

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

That is a crazy thing, and that is a big risk for those of us who store our funds in their service wallet, I hope this does not cause great losses to other users.

In other words, if the server has been broken, then any security in the user's wallet will be easily supplied by hackers.
Because this hacker can be said to stab from inside, not from the outside of the user's wallet.

By the way, whether they are the developers of the atomic server froze transactions on their services or not, to anticipate theft, when they realize that they are being hack.

Jawhead999

legendary

Activity: 1708

Merit: 1187

Quote from: so98nn on June 04, 2023, 08:39:16 AM

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

so98nn

hero member

Activity: 2114

Merit: 603

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

So when we verify it with our password then it should not be connected to the internet anymore as the info is anyway sent to the pool and miner does the rest (confirmation etc).

Also thanks for the notification. Gives another reason to hold Bitcoin in my hardware wallet.

Hyphen(-)

hero member

Activity: 994

Merit: 744

Quote from: ?? on ??

Quote from: NotATether on June 04, 2023, 07:55:42 AM

Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

I think this is the 3rd time this thread has been created

A Non-Custodial wallet, Atomic Wallet, being compromised

Atomic wallet probably exploited

Since it's not in a place where everyone can see, shouldn't it be moved, @Wind_FURY should please move his topic to Bitcoin discussion board so everyone can see it and quickly take actions. It's a very serious matter and should be well informed.

I believe this board and the beginner's board are the most frequented by newcomers on the forum, thus his thread will be visible to them.

I was unaware of the other posts because I don't frequent technical conversations. As a result, I believe this thread will be the one to immediately communicate with the information, and it will have more engagements than the other threads.

yazher

hero member

Activity: 2184

Merit: 585

You own the pen

I think this is the best time to consider having multiple non-custodial wallets for backup because once this will also happens to your wallet, you just going to quickly send it to another wallet for safety. unlike when it happens and you don't have any backup with you, I'm sure you will get panicked once you see the news about your wallet and sometimes you have a massive amount of bitcoins which will go to cause you major breakdowns or you might going to send your bitcoins to a wrong address, so it's better to relax and get your bitcoins as soon as possible to avoid such scenarios.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: NotATether on June 04, 2023, 07:55:42 AM

Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

That is correct. Also that some people on the thread may think that it is as a result of phishing attack but which I do not think. I like your idea of telling people to install Atomic wallet and sweep the coins entirely into another wallet.

Or to just import the seed phrase on another wallet, then create another seed phrase on the wallet which you can send the coins to the address of the seed phrase generated newly on the wallet.

Just like I commented on that thread, I wonder why some people may be using a wallet that its bitcoin address is still a legacy address. If no good updates on bitcoin, how would the the wallet entirely be.

There are better wallets that can be used. Especially bitcoin wallets which are open source like Electrum and Bluewallet.

Also I think unstoppable or metamask wallet will be good for altcoins. I do not know much about altcoins.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Charles-Tim on June 04, 2023, 07:52:42 AM

Already existing topic:

A Non-Custodial wallet, Atomic Wallet, being compromised

Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Already existing topic:

A Non-Custodial wallet, Atomic Wallet, being compromised

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Atomic Wallet has suffered a serious security breach which has allowed hackers to steal user funds[1]. It is not only on Windows, but also MacOS (Linux I'm not sure. ~~You should not assume your funds are safe~~.)

Huge apologies, I meant to write unsafe but somehow the autocorrect changed it to "safe" which is completely false.

Just read it as "your funds are not safe".

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

Steps to perform right now:

- Please note the assets that are in your wallet and their derivation paths[2] (if you must type in your password to do this, do it while you are disconnected from the internet. Do not reconnect until Atomic is completely uninstalled.)
- Uninstall Atomic Wallet immediately.
- Sweep your funds to a Bitcoin wallet, your ETH funds to an Ethereum wallet, your XMR funds to a moneto wallet, etc from inside the wallet software - Do not make any transactions from Atomic Wallet. If you need to transfer obscure tokens, swap them on a centralized exchange for a decentralized asset such as Bitcoin or ETH.

[1]: https://www.cryptopolitan.com/atomic-wallet-users-report-losses-as-platform-falls-victim-to-hack/
[2]: https://support.atomicwallet.io/article/146-list-of-derivation-paths

Topic: Atomic Wallet hacked! Get your funds out now! - page 3. (Read 478 times)