Malicious Actors are Targeting Atomic and Exodus Wallet Users

Monicah W

Cybercriminals have found a new attack vector, targeting users of Atomic and Exodus wallets through open-source software repositories.

The latest wave of exploits involves distributing malware-laced packages to compromise private keys and drain digital assets.

How Hackers are Targeting Atomic and Exodus Wallets

ReversingLabs, a cybersecurity firm, has uncovered a malicious campaign where attackers compromised Node Package Manager (NPM) libraries.

These libraries, often disguised as legitimate tools like PDF-to-Office converters, carry hidden malware. Once installed, the malicious code executes a multi-phase attack.

First, the software scans the infected device for crypto wallets. Then, it injects harmful code into the system. This includes a clipboard hijacker that silently alters wallet addresses during transactions, rerouting funds to wallets controlled by the attackers.

Malicious Code Targeting Atomic and Exodus Wallets.
Malicious Code Targeting Atomic and Exodus Wallets. Source: ReversingLabs

Moreover, the malware also collects system details and monitors how successfully it infiltrated each target. This intelligence allows threat actors to improve their methods and scale future attacks more effectively.

Meanwhile, ReversingLabs also noted that the malware maintains persistence. Even if the deceptive package, such as pdf-to-office, is deleted, remnants of the malicious code remain active.

To fully cleanse a system, users must uninstall affected crypto wallet software and reinstall from verified sources.

Indeed, security experts noted that the scope of the threat highlights the growing software supply chain risks threatening the industry.

“The frequency and sophistication of software supply chain attacks that target the cryptocurrency industry are also a warning sign of what’s to come in other industries. And they’re more evidence of the need for organizations to improve their ability to monitor for software supply chain threats and attacks,” ReversingLabs stated.

This week, Kaspersky researchers reported a parallel campaign using SourceForge, where cybercriminals uploaded fake Microsoft Office installers embedded with malware.

These infected files included clipboard hijackers and crypto miners, posing as legitimate software but operating silently in the background to compromise wallets.

The incidents highlight a surge in open-source abuse and present a disturbing trend of attackers increasingly hiding malware inside software packages developers trust.

Considering the prominence of these attacks, crypto users and developers are urged to remain vigilant, verify software sources, and implement strong security practices to mitigate growing threats.

According to DeFiLlama, over $1.5 billion in crypto assets were lost to exploits in Q1 2025 alone. The largest incident involved a $1.4 billion Bybit breach in February.

The post Malicious Actors are Targeting Atomic and Exodus Wallet Users appeared first on BeInCrypto.

Related Posts

3 Altcoins Crypto Whales Are Selling After Trump’s Liberation Day Tariffs

Crypto whales have begun to quietly shift their altcoin positions following Trump’s Liberation Day tariffs. Uniswap (UNI), Chainlink (LINK), and Ondo Finance (ONDO) have all seen declines in the number of wallets holding between 10,000 and 100,000 tokens.

While the sell-off hasn’t been dramatic, the timing and consistency across multiple tokens suggest growing caution or short-term repositioning. As these altcoins face key support and resistance levels, whale behavior could continue to shape their price trajectories in the coming days.

Uniswap (UNI)

The number of Uniswap (UNI) addresses holding between 10,000 and 100,000 tokens has been steadily declining, a trend that began before Trump’s so-called Liberation Day and has continued in its aftermath.

Between April 2 and April 3 alone, this group of crypto whales dropped from 825 to 821, signaling a slight but notable reduction in confidence or positioning from a segment often seen as strategically reactive.

Number of Addresses Holding Between 10,000 and 100,000 UNI.
Number of Addresses Holding Between 10,000 and 100,000 UNI. Source: Santiment.

While this decline may seem modest, it reflects a broader sentiment of caution among larger UNI holders, which often precedes or reinforces price weaknesses.

Currently, UNI price remains in a clear downtrend, with growing risks of a drop toward the $5.50 level or even below it if bearish momentum continues. However, if the trend begins to reverse, the token could first test resistance at $5.97.

A successful breakout from there could push Uniswap higher toward $6.23, a level that would suggest a stronger recovery is underway.

For now, though, the decrease in whale-sized wallets and prevailing bearish momentum place the asset in a vulnerable technical position.

Chainlink (LINK)

While the number of Chainlink (LINK) whale addresses—those holding between 10,000 and 100,000 LINK—only slightly declined after Trump’s Liberation Day, falling from 2,859 to 2,855, the context leading up to that matters more.

From March 29 to April 1, this group was actively accumulating, with the number of crypto whales rising from 2,852 to 2,860. This short burst of accumulation suggested growing confidence in LINK’s upside potential heading into the month.

The recent dip may simply reflect mild profit-taking or caution during the current correction rather than a broader shift in sentiment.

Number of Addresses Holding Between 10,000 and 100,000 LINK.
Number of Addresses Holding Between 10,000 and 100,000 LINK. Source: Santiment.

Technically, LINK is at a critical point. If the ongoing correction deepens, the token could fall below $12 for the first time since November 2024, with $11.85 as the key support to watch.

However, if the trend shifts and buyers regain control, LINK could first test resistance at $13. A break above that level would likely open the door for a move toward $13.45.

Ondo Finance (ONDO)

ONDO is showing a trend similar to Chainlink, with whale accumulation taking place between March 26 and March 29 as the number of addresses holding between 10,000 and 100,000 ONDO grew from 376 to 390.

This wave of accumulation pointed to growing interest and confidence from larger holders. However, after peaking, the number of whales started to drop, falling from 374 to 371 following Trump’s Liberation Day.

This decline, while subtle, may indicate a pause in optimism or a cautious shift in positioning among key players.

Number of Addresses Holding Between 100,000 and 1,000,000 ONDO.
Number of Addresses Holding Between 100,000 and 1,000,000 ONDO. Source: Santiment.

From a price perspective, ONDO now sits at an important moment. If it can regain the bullish momentum seen last month, it could push through the resistance at $0.82, with the potential to climb further toward $0.90 or even $0.95 if strength persists.

However, if momentum continues to fade, downside risks increase, with support levels around $0.76 and $0.73 likely to be tested.

The post 3 Altcoins Crypto Whales Are Selling After Trump’s Liberation Day Tariffs appeared first on BeInCrypto.