Atomic Wallet exploited, users report loss of entire portfolios

fron · 2 years ago

How many times does this have to happen before people learn that cryptocurrency is not a good place to park money?

scotty79 · 2 years ago

It's a great place but when you need to cash out you need fresh linux system with fresh wallet software connected to the internet only when you make the transaction. Not an app for your phone. Everybody will have malicious keylogger on their phone eventually if they install apps and sometimes even if they don't.

somsak2 · 2 years ago

> a fresh linux system with fresh wallet software connected to the internet only when you make the transaction

wow, what a practical way to be able to store and use money!

lxgr · 2 years ago

> Everybody will have malicious keylogger on their phone eventually

Are there actually any keyloggers for iOS and Android? Unlike on desktop OSes, there isn’t even an API for that, so you’d need an actual OS exploit.

> fresh linux system with fresh wallet software

And how do you make sure that that doesn’t come with a keylogger (in a world where a significant number of people were to actually do that)?

contravariant · 2 years ago

Of course you also need a clean version of linux and all software compiled with a clean compiler.

Thankfully we can be reasonably sure that some compilers at least predate cryptocurrency.

paulpauper · 2 years ago

the level of technical savvy to store crypto safely makes it impractical for the general population

spaceman_2020 · 2 years ago

And god forbid if you accidentally transfer your crypto from one incomprehensible address to another.

OscarTheGrinch · 2 years ago

AKA:too many crocodiles at the watering hole.

latchkey · 2 years ago

Neither is Paypal or Venmo.

https://www.cnn.com/2023/06/02/investing/payment-apps-safety...

anonzzzies · 2 years ago

Who would park it there though? You receive money there and send it to your bank, or you send a little money to pay something. Who stores money there?

joemazerino · 2 years ago

There are ways to park it safely and ways not to park it safely.

lxgr · 2 years ago

How are laypeople supposed to know which is which?

lfkdev · 2 years ago

? It is literally uncountable how many times the big banks stole money from regular people. Crypto indeed is a good place to store money.

j16sdiz · 2 years ago

When this happens with big bank, you could try going to the court.

When this happens to crypto, you got nobody to blame but yourself.

yashg · 2 years ago

Ah yes, big bank, bad. Government, very bad. Crypto good. Sure.

Zemtomo · 2 years ago

Huh? You literally mean a bank took your money from your account?

Which ones?

ETH_start · 2 years ago

Crypto is just totally ruthless with software exploits. Any software exploit leads to millions of dollars worth of assets being stolen, by whoever found the exploit.

scotty79 · 2 years ago

That's the cost of having something actually valuable on you actual device.

tourmalinetaco · 2 years ago

Exactly. If a million people have $5 on their device, and it gets exploited, that’s up to $5 million in payout.

spaceman_2020 · 2 years ago

The general rule of the thumb in crypto is that everything will get exploited. Its a matter of “when”, not “if”.

I wouldn’t even trust Metamask in the long run. If the wallet doesn’t get exploited, something that interacts with the wallet will.

If crypto ever becomes a bigger market, you’ll eventually have state actors trying to exploit protocols and wallets, and they’ll be more sophisticated than the North Korean hackers.

paulpauper · 2 years ago

Yet again, we see that just because you can be your bank , doesn't mean you should. These 'safe', ' audited' programs, protocols, wallets keep failing. The introduction of irrevocable bounties creates a huge incentive to find bugs. The so-called self-funded bug bounty. Never trust a 3rd party to do your crypto.

chrsig · 2 years ago

> Never trust a 3rd party to do your crypto.

This strikes me as funny because software engineers are regularly told not to roll their own crypto.

Vanit · 2 years ago

I'm pretty sure these are different uses of the word crypto.

wolongong942 · 2 years ago

The CEO is a huge scammer and at least one audit said atomic wallet was very insecure.

rkagerer · 2 years ago

Not doubting you but could we get sources for that? (Genuinely interested in some of the key highlights from that audit)

not_your_vase · 2 years ago

Well, being audited means only that it is audited. Nobody forces the company/developers to act upon the findings of the audit... but still, technically it is true that they were audited even if the outcome of the audit was "haha, I wouldn't trust my used hanky on this"

paulpauper · 2 years ago

still no update about how it was done

surely they would have some idea

tiku · 2 years ago

There should be a trail. If the funds are just gone it could be a glitch in Atomic.

anonzzzies · 2 years ago

It seems, but I might be wrong (others suggested it though) that you need the app to be compromised to do this. A server hack wouldn’t work because you still need your key/seed phrase. The app, with a hack, of course can, next to unlocking your wallets locally, send it to a server (which should never happen) and then the owner of that server can take the funds.

To me this seems the most obvious. Use open source wallets, reproducible builds, hashes and, of course, cold wallets. Also, divide; don’t put your money in one place; I would say that goes for banks too.

gregjor · 2 years ago

Slot machine gives house the edge, users report loss of entire portfolios.

gigatexal · 2 years ago

Ahh the schadenfruede is strong for me with this one. Silly cryptocurrency fans. When will they learn?

lyu07282 · 2 years ago

Perhaps now the only people left are scammers, scamming each other in an infinite loop.

qingcharles · 2 years ago

It's scammers all the way down!

throwing_away · 2 years ago

These are the stories of people learning.

Zemtomo · 2 years ago

They apparently are learning slow then ey?

yashg · 2 years ago

Never learning.