Atomic Wallet suffered an unknown exploit earlier this month and the company has narrowed down the culprit to four possibilities.
In a statement, Atomic Wallet lists “four potential causes” for the unauthorized transactions:
- virus on local device (claimed to be most likely)
- infrastructure breach
- malware code injection
- man-in-the-middle attack
Atomic Wallet says 0.1 percent of users were affected and no new cases have been reported since the June 3 incident.
According to Atomic Wallet “nothing is confirmed” and this is leaving a bad taste in users mouths as evidenced by a plethora of Twitter posts demanding more information or calling the company’s statement an outright lie. Some Atomic Wallet users are claiming funds are still being drained.
As of today, Atomic Wallet has not provided a detailed explanation of what happened although they do say they are working with crypto investigators Chainalysis and Crystal to figure it out. The company also stated “such types of attacks are very hard to recognize.”
Atomic Wallet says the company does not store or have access to private keys and because of that, it is making the investigation of the root cause “more complex.” The company points out all cryptocurrency is stored on the blockchain and Atomic Wallet is just an interface to interact with it.
The company says it took steps since the June 3 incident to prevent further exploitation by changing access to their servers, switching internal processes to “under attack mode,” halting all app downloads and updates, and alerting major exchanges.
None of the possible issues are confirmed as potentially causing massive breaches, at least in the latest Atomic app versions. Builds are verified by external auditors.
So who are the external auditors for Atomic Wallet?
PREVIOUS COVERAGE Atomic Wallet Users Missing Funds After Unknown Event
