Atomic, Exodus wallets targeted in new cybersecurity exploit
Users of the Atomic and Exodus wallets are being targeted by threat actors uploading malicious software packages to online coding repositories to steal crypto private keys in the latest cybersecurity threat identified by...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Users of the Atomic and Exodus wallets are being targeted by threat actors uploading malicious software packages to online coding repositories to steal crypto private keys in the latest cybersecurity threat identified by security professionals.
According to cybersecurity researchers at ReversingLabs, the exploit works by hiding malicious code in seemingly legitimate npm software packages, which are pre-built bundles of code widely used by software developers.
These malicious software packages target locally installed Atomic Wallet and Exodus Wallet files by installing a patch that overwrites the files to compromise the user interface and fool the unsuspecting victim into sending crypto to scam addresses.
Software supply chain attacks are an emerging threat vector targeting crypto holders as the industry continues to play a cat-and-mouse game with hackers attempting to steal user funds using increasingly sophisticated methods to avoid detection.
The malicious code contained in the pdf-to-office package. Source: ReversingLabs
Related: $2B lost to crypto hacks in Q1 2025, $1.63B from access control flaws
Hackers target crypto community in increasingly sophisticated attacksAccording to cybersecurity firm Hacken, crypto hacks and exploits cost the industry roughly $2 billion in losses during Q1 2025, most of which came from the $1.4 billion Bybit hack in February.
The SafeWallet developer released a post-mortem update in March 2025 outlining a forensic analysis of the single biggest hack in crypto history.
SafeWallet's analysis ultimately found that a Safe developer's computer was compromised by hackers who hijacked the developer's Amazon Web Services session tokens to access the firm's development environment and set up the Bybit attack.
Jameson Lopp, a cypherpunk and chief security officer at Bitcoin (BTC) custody company Casa, recently sounded the alarm on BTC address poisoning attacks.
A breakdown of the losses caused by crypto hacks and exploits in Q1 2025. Source: Hacken
Address poisoning attacks target victims by generating destination addresses that match the first four and the last four characters of an address from the victim's transaction history.
The threat actor then sends a transaction from the malicious address for a small amount, typically below one dollar, to the target so that the address will show up in a victim's transaction history.
If the victim is not paying attention by carefully examining the entire address, they may mistakenly send funds to the malicious address, which closely resembles the destination.
Cybersecurity firm Cyvers estimates that address poisoning attacks were responsible for $1.2 million in stolen funds in March 2025 alone.
Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec
Why this matters
This security story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on CointelegraphRelated market context
DeFi’s Newest Threat: How Malicious Liquidity Pools Are Trick-Quoting Ethereum and Polygon Users
DeFi infrastructure firm Enso has identified a new class of malicious liquidity pools called “toxic pools.” Unlike traditional exp...
Kuwait condemns Iranian attacks on critical infrastructure as crypto markets feel the shockwaves
Kuwait condemns Iranian strikes on critical infrastructure as Bitcoin liquidations exceed $1 billion and US Treasury sanctions Ira...
Kaspersky identifies malware framework targeting cryptocurrency investors through fake GitHub projects
Kaspersky uncovers GitVenom malware campaign using 200+ fake GitHub repos and AI-generated docs to steal Bitcoin from crypto inves...
ConsenSys inadvertently hired North Korean operative who accessed MetaMask’s core code
ConsenSys inadvertently hired a North Korean operative as a developer consultant who accessed MetaMask's core code before being de...
Google Gemini AI Reveals Shocking Solana Price Target for 2026
Google Gemini AI predicts a Solana price target that skips the usual talking points and goes straight to a number that made us pau...
Strategy faces scrutiny over Bitcoin strategy amid STRC $100 target concerns
Strategy Inc. faces scrutiny over its Bitcoin strategy amid yield concerns. STRC hitting $100 by December 31 at 43.5% YES. The pos...