One possibility how they did the hack
It is possible that the Atomic wallet client is vulnerable to an attack in which malicious servers are leveraged to throw up an error message to users making a crypto transaction.
These pop-ups would then direct the wallet holder to deceptive sites that offered seemingly legitimate atomic client upgrades.
However, the binaries in these downloads will then contain a backdoor that can be used to steal your crypto
“ A atomic server form their own distributed network to increase resiliency to individual nodes going offline or falling behind the blockchain,”
“The more malicious atomic servers in the network, the higher the chance that a wallet will be attacked,”
“As a result, it is possible to flood peer tables with these ghost servers to perform a Sybil attack, where an attacker attempts to fill the network with servers they control to increase their chances to connect with Electrum clients.”.
“Remaining vigilant and downloading software only from trusted sources will remain the best advice for users of atomic users,”
“The incentive for a Sybil attack will go away once the vast majority of users have upgraded their software,”
If this is the method used by the hackers you can almost be sure that this is an inside job as the Atomic team has not released any updates (of course on purpose) and this hack is aimed precisely at people who are going to shift their funds in panic! The Twitter announcement of Atomic wallet itself would then be a perfect catalyst.
Especially if they do not provide any further information (in which they did), then panic breaks out and everyone transfers their crypto to another wallet as quickly as possible, which causes many people to get false pop-ups and then install a dangerous version. So be wary of a pop-up if you now send your funds from Atomic wallet, it could just be that this is exactly is the hack!