Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Wallet software
Merits 4 from 1 user
Re: A Non-Custodial wallet, Atomic Wallet, being compromised
by
DaveF
on 03/04/2025, 11:53:25 UTC
⭐ Merited by vapourminer (4)
Quote from: enquirer on April 02, 2025, 08:00:07 PM
Quote from: dkbit98 on September 29, 2023, 07:34:55 PM
Quote from: DaveF on September 22, 2023, 10:42:12 AM
They made an update to June 3rd Event Statement the other say.
Still says  'not our fault, looking in to it'
I would be interested to find out what math they used exactly to calculate that only 0.1% atomic users got affected by this issue  Roll Eyes
In best case this can only be people who contacted them and reported loss of coins with transactions they didnt make, and nobody knows how many people never contacted atomic amateurs.
New statement can be used for bitcoin wallet: not open source, not your coins.

Open source is not a panacea. AW is an Electron app, written in JavaScript. Those JavaScript programs have hundreds of packages imported through npm. It's all open source, but nobody really checks those packages or who wrote them. And any package can be updated with malicious code at any moment.

Yep, I have said it sooooo many times but I'll put it here once again:

There are countless open source apps out there run by millions and millions of people that have still had major security vulnerabilities in them for years. Open souure does not mean shit in terms of security. All it means that if people want to and have the ability to understnd it they can check what is going on. Most people don't since unless you fully understand every function and every step you can't be sure that the one section you didn't fully comprehend was the bad one.

Examples sshd and openssl 2 things that you know run on 90% of the servers on the internet: https://www.logpoint.com/en/blog/the-story-of-regresshion/

https://www.threatintelligence.com/blog/openssl-vulnerabilities

And lets not forget the Apache log4j screw up: https://www.cisa.gov/news-events/news/apache-log4j-vulnerability-guidance

Also lets not forget I can open source a wallet that automatically sends everything from everyone's wallet into mine once a year.  Could even put comments in the code as to what it does. People are going to still install / use it if I promote it enough because too many people don't read the code.

-Dave