Cybercriminals have found a new attack vector, targeting users of Atomic and Exodus wallets through open-source software repositories. The latest wave of
Malicious Code Targeting Atomic and Exodus Wallets. Source: ReversingLabs
The malware also collects system details and tracks how successfully it infiltrated each target. This intelligence allows threat actors to improve their methods and scale future attacks more effectively.
Meanwhile, ReversingLabs also noted that the malware maintains persistence. Even if the deceptive package, such as pdf-to-office, is deleted, remnants of the malicious code remain active.
To fully cleanse a system, users must uninstall affected crypto wallet software and reinstall from verified sources.
Indeed, security experts noted that the scope of the threat highlights the growing software supply chain risks threatening the industry.
“The frequency and sophistication of software supply chain attacks that target the cryptocurrency industry are also a warning sign of what’s to come in other industries. And they’re more evidence of the need for organizations to improve their ability to monitor for software supply chain threats and attacks,” ReversingLabs stated.
This week, Kaspersky researchers reported a parallel campaign using SourceForge, where cybercriminals uploaded fake Microsoft Office installers embedded with malware.
These infected files included clipboard hijackers and crypto miners, posing as legitimate software but operating silently in the background to compromise wallets.
The incidents highlight a surge in open-source abuse and point to a disturbing trend: attackers are increasingly hiding malware inside software packages that developers trust.
Considering the prominence of these attacks, crypto users and developers are urged to remain vigilant, verify software sources, and implement strong security practices to mitigate growing threats.
According to DeFiLlama, over $1.5 billion in crypto assets were lost to exploits in Q1 2025 alone. The largest incident involved a $1.4 billion Bybit breach in February.