Atomic wallet reported some wallets have been compromised. ZachXBT and Tayvano reported an aggregated loss of $35M so far.

The attacker was able to gain access to user private keys and passwords by modifying the source code of the application on the server that the user wallets interact with.

The concerns surrounding Atomic Wallet's vulnerabilities were raised in in Feb 2022. Specifically, vulnerabilities in Atomic Wallet include user fund loss due to cryptography implementation, lack of adherence to design standards, insufficient documentation, and incorrect use of Electron framework. While Atomic has addressed some of the issues, several remain and perhaps this incident may be the result of what were left unaddressed.

Updated on 6/14: May be related to a BGP misconfiguration that redirected the auto-update version to an endpoint controlled by the exploiter with fake update.
Updated 6/26: Patterns indicated that this may be the work of the Lazarus Group - https://twitter.com/PeckShieldAlert/status/1673538357027274753