Crypto Catastrophe Strikes Some Atomic Wallet Users, Over $35 Million Thought St...

Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today!

Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area

The Atomic Wallet app has suffered a large-scale attack resulting in the potential theft of up to $35 million worth of cryptocurrency, with losses possibly exceeding $50 million. The Register reports: The Atomic Wallet app's makers first reported June 3 that some folks were complaining some crypto had been taken from their wallets and deposited in strangers' accounts, with others saying their wallets had been emptied completely. The biz tweeted Monday that less than one percent of their monthly active users had reported they were affected, though that number could grow with more reports coming in.

"Security investigation is ongoing. We report victim addresses to major exchanges and [use] blockchain analytics to trace and block the stolen funds," the company wrote, adding that the "last drained transaction was confirmed over 40h ago." A Twitter user with the handle ZachXBT, who describes themselves as an "on-chain sleuth," suggested over the weekend that the losses traced have added up to more than $35 million, with the largest victim having $7.95 million swiped. The five largest losses seen by ZachXBT added up to $17 million, almost half of the known total. "Think it could surpass $50 million. Keep finding more and more victims sadly," was the message.

Crypto security researcher Tay tweeted that the first report of stolen funds came in late on June 2. Since then reports of the stolen assets began rolling in, with some users reporting that their entire crypto portfolios were hijacked. [...] Atomic Wallet is collecting information from victims to try to get a better gauge on how the cyber-theft happened. In a Google Docs form, the company is asking users for such information as the operating system on their devices, the online app store they used to buy the Atomic Wallet app, the amount of lost funds coins and when the coins were withdrawn, where they stored the backup phrase, and when the last time was that they used their wallet before they saw that the coins were stolen.

It's unclear how the miscreants were able to steal the funds from users' wallets and Atomic Wallet said it is working with third-party security vendors to investigate. If there really is a low number of users affected, it may be some kind of credential stuffing, phishing, or brute-force attack, or a malware infection on the victims' devices. As if the stolen funds weren't enough of a problem, users also have to deal with the scams that typically crop up in the wake of such heists. ZachXBT tweeted that phishing scammers are already spamming fake Atomic Wallet refund efforts on Twitter in hopes of roping in some victims whose money was stolen.

Do you have a GitHub project? Now you can sync your releases automatically with SourceForge and take advantage of both platforms.
Do you have a GitHub project? Now you can automatically sync your releases to SourceForge & take advantage of both platforms. The GitHub Import Tool allows you to quickly & easily import your GitHub project repos, releases, issues, & wiki to SourceForge with a few clicks. Then your future releases will be synced to SourceForge automatically. Your project will reach over 35 million more people per month and you’ll get detailed download statistics.
Sync Now