Atomic Wallet hacked! Get your funds out now!

[NotATether]

Atomic Wallet has suffered a serious security breach which has allowed hackers to steal user funds[1]. It is not only on Windows, but also MacOS (Linux I'm not sure. You should not assume your funds are safe.)

Huge apologies, I meant to write unsafe but somehow the autocorrect changed it to "safe" which is completely false.

Just read it as "your funds are not safe".

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

Steps to perform right now:

- Please note the assets that are in your wallet and their derivation paths[2] (if you must type in your password to do this, do it while you are disconnected from the internet. Do not reconnect until Atomic is completely uninstalled.)
- Uninstall Atomic Wallet immediately.
- Sweep your funds to a Bitcoin wallet, your ETH funds to an Ethereum wallet, your XMR funds to a moneto wallet, etc from inside the wallet software - Do not make any transactions from Atomic Wallet. If you need to transfer obscure tokens, swap them on a centralized exchange for a decentralized asset such as Bitcoin or ETH.

[1]: https://www.cryptopolitan.com/atomic-wallet-users-report-losses-as-platform-falls-victim-to-hack/
[2]: https://support.atomicwallet.io/article/146-list-of-derivation-paths

[1714659685]

1714659685

[1714659685]

1714659685

[1714659685]

1714659685

[Charles-Tim]

Already existing topic:

A Non-Custodial wallet, Atomic Wallet, being compromised

[NotATether]

Already existing topic:

A Non-Custodial wallet, Atomic Wallet, being compromised

Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

[Charles-Tim]

Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

That is correct. Also that some people on the thread may think that it is as a result of phishing attack but which I do not think. I like your idea of telling people to install Atomic wallet and sweep the coins entirely into another wallet.

Or to just import the seed phrase on another wallet, then create another seed phrase on the wallet which you can send the coins to the address of the seed phrase generated newly on the wallet.

Just like I commented on that thread, I wonder why some people may be using a wallet that its bitcoin address is still a legacy address. If no good updates on bitcoin, how would the the wallet entirely be.

There are better wallets that can be used. Especially bitcoin wallets which are open source like Electrum and Bluewallet.

Also I think unstoppable or metamask wallet will be good for altcoins. I do not know much about altcoins.

[yazher]

I think this is the best time to consider having multiple non-custodial wallets for backup because once this will also happens to your wallet, you just going to quickly send it to another wallet for safety. unlike when it happens and you don't have any backup with you, I'm sure you will get panicked once you see the news about your wallet and sometimes you have a massive amount of bitcoins which will go to cause you major breakdowns or you might going to send your bitcoins to a wrong address, so it's better to relax and get your bitcoins as soon as possible to avoid such scenarios.

[Hyphen(-)]

Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

I think this is the 3rd time this thread has been created

A Non-Custodial wallet, Atomic Wallet, being compromised

Atomic wallet probably exploited

Since it's not in a place where everyone can see, shouldn't it be moved, @Wind_FURY should please move his topic to Bitcoin discussion board so everyone can see it and quickly take actions. It's a very serious matter and should be well informed. 

I believe this board and the beginner's board are the most frequented by newcomers on the forum, thus his thread will be visible to them.

I was unaware of the other posts because I don't frequent technical conversations. As a result, I believe this thread will be the one to immediately communicate with the information, and it will have more engagements than the other threads.

[so98nn]

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

So when we verify it with our password then it should not be connected to the internet anymore as the info is anyway sent to the pool and miner does the rest (confirmation etc).

Also thanks for the notification. Gives another reason to hold Bitcoin in my hardware wallet.

[Jawhead999]

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

[khiholangkang]

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

That is a crazy thing, and that is a big risk for those of us who store our funds in their service wallet, I hope this does not cause great losses to other users.

In other words, if the server has been broken, then any security in the user's wallet will be easily supplied by hackers.
Because this hacker can be said to stab from inside, not from the outside of the user's wallet.

By the way, whether they are the developers of the atomic server froze transactions on their services or not, to anticipate theft, when they realize that they are being hack.

[bettercrypto]

It happened just yesterday, and it looks like a phishing attack. For its users, I think they still have a chance to get their assets out of the atomic wallet right away. These hackers are really perverse to non-custodial wallets. When there is a chance, they will really take it.

So the community here in cryptocurrency will not lose to worry about this kind of news of robbery in its wallet accounts. The security of non-custodial wallets still needs to be improved so that trust and peace of mind are not lost.

[NotATether]

8 months ago, some guy on YouTube had his atomic wallet hacked and all ($900) worth of Bitcoins were stolen from it. (for some reason the idiot hacker did not steal his other assets.) He had 2FA enabled and changed his password multiple times: https://youtu.be/0QBu4BncFqQ

It is incredibly shocking how lax the security of this wallet is, if a random guy can just break into your secured wallet and steal the coins inside.

[hd49728]

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

The same for Ledger Recovery Service which splits seed words to three shards. Ledger claims that it is safe but who knows. As a Bitcoin users, you put your keys, seed words into hands of Ledger and two more entities. I am sorry but I can not trust anyone to hold my seed, private key. With Ledger Recovery Service, risk will be trippled.

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

People just get it wrong. Password of a wallet only protect your wallet file, encrypt that file and prevent hackers to access the file too easily. However, if hackers know your wallet seeds, the wallet password is non sense.

Same with 2-factor authentication, if hacks happen at serious scale, it can not save you.

[franky1]

atomic wallet is not just a wallet. its a built-in exchange. and im GUESSING that the exploit is more to do with the mechanisms of exchanging funds rather than just the wallet function.

after all even though the user chooses a altcoin to swap with and presses send. the user is not choosing a destination address or manually choosing where his funds go to.. (he doesnt communicate with the swap recipient to get their address)

behind the scenes alot more has to happen in the actual exchange process like choosing destinations of who gets the btc in that exchange for an altcoin. thus details are transfered/received with a central server....
a phone wallet is not a node that makes connections to 5million other phones. it connects to a central server which hosts all the bids/asks offers and manages the swaps by the server supplying/setting the destinations for the swaps and making the signing process calls.. its not as decentralised as people think.

so a guy at the server or a hacker can simply make the destination addresses of a swap become the "hackers" address. because users doing swaps dont manually type in the address of whom they are swapping with.. the server does all that

[Ultegra134]

What is the cause for this hack?
Isn’t we are protected with the private keys already and also the password authentication as an extra security.

What does it mean they send our wallet info to their servers. Isn’t the verification of transaction is done locally when through the application at the time of broadcasting?

I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.

Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.

I'm sorry, but isn't the Atomic wallet supposed to be non-custodial? If so, how do they have access to private keys? Has this information been confirmed, because in another thread someone mentioned that it could be a phishing attack that targeted Atomic's users, not that private keys were leaked. More and more wallets are being compromised, including a few hardware ones. A year ago, I read an article regarding TrustWallet. I can't recall any details, but it seems to be a rather frequent issue, which makes us wonder: are our funds truly safe? What can we do in order to be 100% certain that we're secured, and worst of all, is it even possible?

[pawanjain]

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.

[Z-tight]

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.

You are not correct, a self custody wallet like Electrum that is open source is safe if the user backs up their seed phrase safely, and in more than one location, as well as practising great operational security too. But when a wallet is closed source, even if it is a self custody wallet, it isn't safe because you don't know how they generate the seed phrase or keys, or if everything they tell their users is true. Needless to say that Atomic wallet is closed source, so there may have been a flaw in how they are generating their users keys and seed phrase and probably an attacker has exploited this to steal funds.

[Die_empty]

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.

Atomic wallet might be a non-custodian wallet but just like trust wallet, it is a closed-source wallet. Malicious apps can be imputed to the code by criminals or even compromised staff can carry out this attack. One of the benefits of open-sourced wallets is that these attack or bad codes can be identified easily and corrections could be made before it causes any harm. So the not your keys, not your coins message should be added with the need to use only open-sourced wallets. It is sad to see people lose their hard-earned income because they believed that since they own the keys their funds are safe. Victims are waiting for more news from the company's officials.

[panganib999]

Atomic Wallet has suffered a serious security breach which has allowed hackers to steal user funds[1]. It is not only on Windows, but also MacOS (Linux I'm not sure. You should not assume your funds are safe.)

Huge apologies, I meant to write unsafe but somehow the autocorrect changed it to "safe" which is completely false.

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

Steps to perform right now:

- Please note the assets that are in your wallet and their derivation paths[2] (if you must type in your password to do this, do it while you are disconnected from the internet. Do not reconnect until Atomic is completely uninstalled.)
- Uninstall Atomic Wallet immediately.
- Sweep your funds to a Bitcoin wallet, your ETH funds to an Ethereum wallet, your XMR funds to a moneto wallet, etc from inside the wallet software - Do not make any transactions from Atomic Wallet. If you need to transfer obscure tokens, swap them on a centralized exchange for a decentralized asset such as Bitcoin or ETH.

[1]: https://www.cryptopolitan.com/atomic-wallet-users-report-losses-as-platform-falls-victim-to-hack/
[2]: https://support.atomicwallet.io/article/146-list-of-derivation-paths

This is most likely a data breach, but a really nasty reveal of how these "self-custodial wallets" aren't so "self-custodial" at all. utterly disappointing.

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

People are complaining that their coins got vanished out of the blue. How can someone steal the funds without the seed phrase ?
It's really shocking to see a non-custodial wallet get hacked like this. This shows our coins aren't safe anywhere.
While the investigation is still on, it makes me wonder if all the non-custodial wallets are risky. Any of these wallets can suffer the same fate.

Someone got a hold of sensitive data from the Atomic Wallet's servers, supposedly from a security flaw within the piles of codes that atomic has made. They abused such flaw and then from there, the hacking of wallets begun. Picture it this way, you're renting an apartment (atomic wallet user) from your kind landlord (Atomic Wallet itself), you have your key and all that to protect you from thieves, but at the same time your landlord requires a copy of every key you would have for your apartment as well, until such a day came around when your landlord's main abode got broken into from a security flaw, and then from there the pandemonium begins as the thieves got a hold of every key in their property, stealing everything they could from every room.

That's basically how it went down.

[Agbe]

Already existing topic:

A Non-Custodial wallet, Atomic Wallet, being compromised

I saw this thread there too but was not given too much attention because I am not using Atomic Wallet but with this NotATether thread I became conscious about the wallet. And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.

[_BlackStar]

This is not good news - of course it is sad news especially as we may soon find out how much user assets were stolen as a result of the hack. This hacking case is currently under investigation, and if indeed some of the members of this community are still store funds there - then immediately make withdrawal to another wallet. This thread should stay on top for some time for good visibility.