Atomic Wallet hacked! Get your funds out now!

[Z-tight]

And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.

Atomic wallet is a self custody wallet, it isn't a custodial wallet. But Atomic wallet is closed source and any wallet that is closed source is not recommended, with open source wallets users can verify the codes, but if the wallet is closed source you have to trust what the developers tell you about how they generate the keys of their users. The best choice of wallet should be one that is open source, self custody and has a good reputation.

[headingnorth]

For online wallets I would only use Mycelium or Electrum bitcoin wallets. These are open source bitcoin-only wallets that have been around since 2011.

Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.

Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??

[Die_empty]

Already existing topic:

A Non-Custodial wallet, Atomic Wallet, being compromised

I saw this thread there too but was not given too much attention because I am not using Atomic Wallet but with this NotATether thread I became conscious about the wallet. And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.

Atomic wallet is a  non-custodian wallet but it is a closed source wallet.
 

[vv181]

~move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.

Atomic wallet is a  non-custodian wallet but it is a closed source wallet.
 

The question is can we call a closed-source wallet as a non-custodial wallet?

If we follow Atomic Wallet's non-custodial wallet definition, which is "Non-custodial wallets give you full control over your funds and in most cases provide serverless solutions. The keys stored in an encrypted manner on the user’s device and never leave it out." Does someone truly have full control over one fund, while acknowledging the system that controls their own funds is unknown or closed?

Specifically for Bitcoin, there are more trusted and especially, an open-sourced, transparent wallet, that is popularly used by many people such as Electrum. On the other hand, in this case, there is a rumour user's seed phrases are sent to the server and the system of the wallet itself is enclosed. I don't think it deserved to be called a non-custody wallet.

[DaNNy001]

~move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.

Atomic wallet is a  non-custodian wallet but it is a closed source wallet.
 

The question is can we call a closed-source wallet as a non-custodial wallet?

If we follow Atomic Wallet's non-custodial wallet definition, which is "Non-custodial wallets give you full control over your funds and in most cases provide serverless solutions. The keys stored in an encrypted manner on the user’s device and never leave it out." Does someone truly have full control over one fund, while acknowledging the system that controls their own funds is unknown or closed?

I think with all the given preference, I think the appropriate answer would be NO because noncustodial would mean that the users has full control of his keys for example the open source electrum wallet would be a perfect example of the proposed noncustodial wallets this atomic wallet is claiming to be, and don't understand why its presumably call a noncustodial wallet when there is some breach of the user funds in the wallet.

[PX-Z]

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

Tsk. I don't know what to expect to other wallet that is claimed "non-custodial" wallet anymore. If this kind of structure are followed by other those "non-custodial" wallets then people should think twice using and installing them. Unless they are open source and can be installed by available binaries released of the software for own build.

[pooya87]

The so-called non-custodial wallet must have been sending your wallet info to their servers, that's the only way the hackers could've got to it.

Tsk. I don't know what to expect to other wallet that is claimed "non-custodial" wallet anymore. If this kind of structure are followed by other those "non-custodial" wallets then people should think twice using and installing them. Unless they are open source and can be installed by available binaries released of the software for own build.

There has been a lot of cases where the companies use "buzzwords" to attract customers who would later lose their money. Like Binance calling the centralized alt-platform a DEX, or closed source wallets call themselves safe and throw around terms like "non-custodial".

When it comes to security, when certain things are lacking your security is as good as compromised. So when you see a wallet developing team making a silly reasoning like this trying to justify being closed-source, you should know that something is seriously wrong:

Here's our reasoning behind keeping our wallet a partly closed source app:
- Atomic Wallet is a unique product created by a hard-working team.
- We don't want to make scammers' jobs easier.
- We don't want fake apps to boom in numbers.

[Outhue]

Not in a prominent enough board; most newbies will never find it and will lose their funds as a result.

I think this is the 3rd time this thread has been created

A Non-Custodial wallet, Atomic Wallet, being compromised

Atomic wallet probably exploited

Since it's not in a place where everyone can see, shouldn't it be moved, @Wind_FURY should please move his topic to Bitcoin discussion board so everyone can see it and quickly take actions. It's a very serious matter and should be well informed.  

Leave it be, this is a time sensitive warning news that has to be available in every boards on the forum, this is the best way it can get to many people as possible, do you not know that some people only visit few boards on this forum and call it a day?

Some people visits altcoin discussion board for example and once they say one or two things in this board they leave, so OP knows what he is doing.

It is time to start giving up on third party crypto wallet companies, they don't know what they are doing anymore, crypto wallet recovery seed are meant to be offline, they don't have to sync anything like this in the cloud, this is why I always frown on any crypto wallets that are giving their users the option to sync their recovery seed into a cloud storage.

If they are advancing their customers to store their recovery seed in the cloud storage then there are probably doing the data with the wallet's data.

[tabas]

One of the victims said that he's into cybersecurity and he didn't know what happened but AFAIK, the funds were sent back to the victims CMIIW.
Knowing that a guy who's profession is into cybersecurity lost his funds onto this wallet, this losses their credibility and even before this incident has happend this is a common thing for most non custodial wallets. And that is to never leave your huge funds there, I can't imagine having millions worth of crypto and storing it on a wallet like this. Maybe they're just confident because they've been using it for years but for an added security, I think they're aware that they should have used something better and a more secured wallet with a small investment needed for the purchase of it and that's a hardware wallet.

[steve5946]

One of the victim to this lost nearly over $2.8m - which is so sad thinking about how this person maybe feeling right now. The overall losses have reached over $35M.

It's true that there are risks in storing crypto, even if you are using hardware wallets. How this is a lot. I just hope Atomic wallet will compensate these victims.

By the looks of how things are going nowadays, cyber security will be the growth story for the next 50 to 100 years!

[Z390]

For online wallets I would only use Mycelium or Electrum bitcoin wallets. These are open source bitcoin-only wallets that have been around since 2011.

Wallets that store altcoins aka crapcoins aka scam-tokens are much more complex than bitcoin-only wallets making them much easier to hack into.

Altcoins are a total scam and and untold billions have been lost to them. When will idiots ever learn??

Mycelium wallet supports erc20 smart contract though, so readjust your point, Mycelium is not a Bitcoin only wallet, and this isn't suppose to make the crypto wallet less secured in anyway, sorry if you think like that.

My advice to all crypto newbies is to start using old crypto wallets, go oldies and know peace, Mycelium and few others are old masters in this crypto space, but many newbies want something new.

I doubt that Atomic wallet team will pay for this loss, because the money is big, it's up to 35million dollars that the hackers have stolen, and their main target are users with higher numbers of asset to USD in their wallet.

[MoonOfLife]

And this is not the first time NotATether has warned users of bitcoin and other Cryptocurrencies to move their pins/funds from custodian wallets to non custodian wallets but people give deaf ears. He even made a thread of "Not your coins, not your fund". People should use custodian wallets if they are using the coins instantly and not keeping it there for a long period of time.

Atomic wallet is a self custody wallet, it isn't a custodial wallet. But Atomic wallet is closed source and any wallet that is closed source is not recommended, with open source wallets users can verify the codes, but if the wallet is closed source you have to trust what the developers tell you about how they generate the keys of their users. The best choice of wallet should be one that is open source, self custody and has a good reputation.

We don't have any proof that this is really an outside hack or they are playing a hoax to get investors' money. But if it's a real wallet vulnerability, then either open source wallet or closed wallet will be attacked equally. This is one of the many risks of investing in bitcoin. Don't always say that just choosing an open source and non-custodial wallet is 100% safe. With the recent events of Ledger and the hacks in the crypto industry, we should emphasize the risks of investing in this market so that everyone becomes more careful and vigilant.

[franky1]

alot of people in this topic think:
open-source means serverless control.. its does not mean this. it means you can read the source code. that is it

non custodian means serverless control.. it does not mean this. it means you hold the keys. but the software can still make API/RPC (remote calls) into the software where by a remote user can control what the software on your device does

take for example the exchange feature of this wallet. the user handling their phone device just selects an altcoin to trade with. but does not do anything like choosing a bitcoin address to send funds to..
.. instead its the server that hosts all the bids/asks of the exchange and holds all the recipient addresses of all the coins of a trade. its the server that tells a users device a bitcoin address to send funds to and gets the device to sign the transactions and takes that transaction and sends it onto the peer to peer network to bet into a block

just owning the keys is one security. but if that software has remote access to commands, which tell the software/device how to spend funds.. that is a security vulnerability.

[Rupok]

Wallet is a very important thing in people's life, especially online based wallets.  One of the reasons we often hear that online wallets get hacked is because we share wallet access to different places.We use wallet access in multiple places due to which hackers hack wallet with all our information from there.  I have noticed that many people keep all their money in one wallet, but this is our biggest mistake.Everyone should keep money in multiple wallets.Using hardware wallets instead of software wallets. Because software wallets are easily hacked.  And unknown tokens cannot be add wallet without justification.

[pooya87]

but the software can still make API/RPC remote calls into the software where by a remote user can control what the software on your device does

That's a different story and it can not happen at the same time with being open source. Unless the project is unpopular and nobody cares enough to look through the source code, such an obvious attack vector is found rather quickly.

[franky1]

but the software can still make API/RPC remote calls into the software where by a remote user can control what the software on your device does

That's a different story and it can not happen at the same time with being open source. Unless the project is unpopular and nobody cares enough to look through the source code, such an obvious attack vector is found rather quickly.

most people that see the word "open source".. just end up trusting the devs and not actually reading the code themselves.. so even open source can employ exploits and bugs which are not found until the attack happens.. and its only then that people then look for the cause and call it out as a fault

[bct_ail]

The Wallet software is no longer available for download at atomicwallet.io. Does anyone know where I can download the current or older versions?

[nimogsm]

One of the victim to this lost nearly over $2.8m - which is so sad thinking about how this person maybe feeling right now. The overall losses have reached over $35M.

It's true that there are risks in storing crypto, even if you are using hardware wallets. How this is a lot. I just hope Atomic wallet will compensate these victims.

By the looks of how things are going nowadays, cyber security will be the growth story for the next 50 to 100 years!

Yes, I also read this news today, the amount of losses is impressive. It is sad that this happens in our time when it is possible to conduct audits and other security measures for the application. I expect other wallets to pay more attention to internal security and other users will not experience what users of this application have experienced.

[dwminer1]

I have several cryptocurrencies that I stake in Atomic Wallet. Unstaking usually takes a few days. Has anyone seen any information on what to do in this situation? Or maybe any suggestions? I'm using the desktop version and haven't opened the wallet in over a week.

[KiaKia]

Coming from a crypto wallet that'd non-custodial like they claimed, and some people use Atomic wallet to store funds through 2019 bears and 2021 bulls, I don't know what to believe in this crypto space anymore, for my altcoins I will now have to rely on someone that can pay the damages, it's why I still somehow believe that Trust wallet is better than the rest, if anything bad happens from their side they will take responsibility,  I do hope that atomic wallet developers take this responsibility and pay back all those affected, because clearly it's their own freaking fault.

This is what happens when something called open source is not really open source, I just pray they are able to pay their users back, 30 million dollars is not a small loss from investors and many lives depend on their crypto portfolio.