In a major cybersecurity incident, Atomic Wallet, the popular multicurrency digital wallet provider, is investigating a significant breach, with early estimates indicating that hundreds of millions of dollars' worth of cryptocurrency has been stolen from private wallets.
In a worrying turn of events, Australian users appear to be among the big losers according to the social media feeds and forum posts.
Google temporarily suspended downloads and updates for the Atomic Wallet app in Australia, as those affected are believed to be predominantly Android users. The Atomic Wallet backend at get.atomicwallet.io appeared to have been shut down by the wallet team after they found the server compromised.
An initial analysis of the incident, based on the public accounts of those affected, indicates that the breach may have originated from a rogue update to the Atomic Wallet app, pushed via the server to the end users.
Users have reported that they were forced to install an app update, just before they noticed their funds had vanished. This pattern of events suggests that the security flaw was exploited at Atomic Wallet's cloud server level, where the attacker managed to tamper with the application code and roll out a fraudulent update.
In the normal course of operation, while private keys are not stored on the server, they become temporarily accessible on login and during transactions. It's conjectured that the malevolent update exploited this window of access, surreptitiously reading and transmitting these private keys to the perpetrator.
The tampered "new version" could have silently exfiltrated the private keys, the unique and critical security element of any cryptocurrency wallet. By seizing these keys, the attacker gained access to users' cryptocurrency assets, facilitating the massive heist.
This suspected breach method raises concerns over the security protocols at Atomic Wallet, as it seems that the unauthorized modification of the software on the exploited server was not detected before it was rolled out to end-users.
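One control that addresses the failure described above, a modified update reaching clients without being detected, is to have the installed client verify a publisher-signed release manifest before applying any update: the signing key stays offline with the publisher and only its public half is pinned in the shipped build, so a compromised distribution server cannot produce a valid signature for code the publisher never released. The Go program below is an added example written for this article; it is not Atomic Wallet's code or update format, and the manifest layout, function names and release key pair are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest lists every file in a release with its SHA-256 digest. The
// publisher signs the canonical JSON encoding of this struct on an offline
// machine; the distribution server only stores the result.
// (Constructed format for this example, not Atomic Wallet's.)
type Manifest struct {
	Version string            `json:"version"`
	Files   map[string]string `json:"files"` // path -> hex SHA-256
}

// canonical returns a deterministic byte encoding of the manifest.
// encoding/json sorts map keys, so the same content always signs identically.
func canonical(m Manifest) ([]byte, error) { return json.Marshal(m) }

// NewReleaseKey generates a publisher key pair (constructed stand-in for a
// real release key, which would be generated and kept offline).
func NewReleaseKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// BuildManifest hashes a set of release files into a manifest.
func BuildManifest(version string, files map[string][]byte) Manifest {
	m := Manifest{Version: version, Files: make(map[string]string, len(files))}
	for path, data := range files {
		sum := sha256.Sum256(data)
		m.Files[path] = hex.EncodeToString(sum[:])
	}
	return m
}

// SignManifest is run by the publisher, never on the download server.
func SignManifest(priv ed25519.PrivateKey, m Manifest) ([]byte, error) {
	enc, err := canonical(m)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, enc), nil
}

// VerifyUpdate is run by the client before any downloaded file is installed.
// pub is pinned in the already-installed build, so a server that serves a
// tampered update cannot also supply a key that accepts it.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig []byte, files map[string][]byte) error {
	enc, err := canonical(m)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, enc, sig) {
		return errors.New("manifest signature invalid: refusing update")
	}
	// Every downloaded file must be listed with a matching digest ...
	for path, data := range files {
		want, ok := m.Files[path]
		if !ok {
			return fmt.Errorf("unexpected file %q not in signed manifest", path)
		}
		sum := sha256.Sum256(data)
		if got := hex.EncodeToString(sum[:]); got != want {
			return fmt.Errorf("digest mismatch for %q", path)
		}
	}
	// ... and every listed file must be present (a dropped module is also tampering).
	for path := range m.Files {
		if _, ok := files[path]; !ok {
			return fmt.Errorf("file %q listed in manifest is missing", path)
		}
	}
	return nil
}

func main() {
	pub, priv, err := NewReleaseKey()
	if err != nil {
		panic(err)
	}
	// Constructed release contents standing in for real application files.
	release := map[string][]byte{
		"app.js":    []byte("// genuine application module"),
		"signer.js": []byte("// genuine transaction signing module"),
	}
	m := BuildManifest("1.0.1", release)
	sig, _ := SignManifest(priv, m)
	fmt.Println("genuine update:", VerifyUpdate(pub, m, sig, release))

	// Simulated server-side tampering: one module modified after signing.
	tampered := map[string][]byte{
		"app.js":    release["app.js"],
		"signer.js": []byte("// module modified on the compromised server"),
	}
	fmt.Println("tampered file:", VerifyUpdate(pub, m, sig, tampered))

	// The attacker can rebuild the manifest to match, but cannot re-sign it.
	m2 := BuildManifest("1.0.1", tampered)
	fmt.Println("re-hashed manifest:", VerifyUpdate(pub, m2, sig, tampered))
}
```

The check is deliberately two-sided: a file that is present but unlisted, or listed but absent, is rejected as firmly as a digest mismatch, since a rogue update can add a module as easily as alter one. For this to protect users the private key must never reach the distribution server, and the client must refuse to run anything it has not verified, including an update it was "forced" to install.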
Following a wave of complaints across forums and social media platforms, Atomic Wallet eventually acknowledged the breach on its Twitter account and assured users that an investigation is underway.
"We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly," the tweet read.
In a subsequent update, the group revealed that it is working in collaboration with leading security companies to identify the attack vectors. Furthermore, they are in the process of gathering information from affected users and have reached out to major exchanges and blockchain analytics companies to track and potentially block the stolen funds.
It is unclear at this stage whether Estonia-based Atomic Wallet has the capacity to reimburse the affected users for their losses or if the financial strain will push it towards bankruptcy.