Restless Atomic Wallet hack victims express frustration over lack of updates
The response to the Atomic Wallet hack has called into question the security of other hot wallets on the market.
Atomic Wallet users expressed frustration with the lack of updates since its hack on June 3.
A recent Reddit post highlighted the state of user sentiment, with the OP asking multiple questions, including “What is really happening?” and “What went wrong?”
The OP’s annoyance at being left in the dark boiled over into speculation the hack was an inside job – a theme repeated by post commenters and others.
Atomic Wallet hacked
On June 3, Atomic Wallet said it had received multiple reports of wallet hacks. It stated that investigations were underway and that it would share information soon.
A gave an update on June 5, saying the issue appears to have affected a small minority of users, with the last unauthorized withdrawal occurring almost two days ago.
“At the moment less than 1% of our monthly active users have been affected/reported. Last drained transaction was confirmed over 40h ago.“
However, some users dispute the claim that hacking activity ceased 40 hours before the June 5 update. For example, one user posted a screenshot showing Bitcoin leaving his wallet around 01:00 on June 3.
The latest information on the matter indicated more than $35 million in crypto was stolen, with one victim down $7.95 million in USDT, making it the most significant single loss.
The official Atomic Wallet Twitter has not posted since the June 5 update, stirring restlessness among victims.
The most upvoted comment in the Reddit post above expressed frustration at the lack of updates, saying the situation is made worse given that victims were not to blame for the losses.
“Seriously the lack of update for the scale of this hack is appalling. Being robbed because of the app security flaw and not by one’s carelessness is intolerable…”
However, another commenter said, “No news is good news,” as it indicates the team is busy resolving the situation, including retrieving funds.
The matter of Atomic Wallet reimbursing users or not was a frequent discussion point among the commenters.
Although there has been no official confirmation of the attack vector used, btc21.de founder Joko claimed that an automatic malicious update sent private keys to the attacker upon opening the app.
Joko further speculated: “The absolutely terrible response from the AW team leads me to believe this is a rug pull.”
Answering a comment on whether the automatic update method can be used on other hot wallets, such as Exodus, Trust, and Argent, Joko said it was possible but less likely as those wallets are open source, unlike Atomic Wallet.