Many of you are likely aware of the Atomic wallet breach that occurred in June 2023, when over 100 million dollars was stolen from its users. Almost a year has passed, but the Atomic developers still haven't revealed what actually happened. May be they don't know at all.
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?