Some have suggested that it could be a proxy, like a hidden service version of onion.to. While that's possible, one indicator would be that accessing the site takes twice as long. Hidden service access times can be quite variable, but I haven't experienced a noticeable delay in accessing the phishing site. Plus, that would make it the most sophisticated phishing site we've seen. Once phishers get your user/pass/pin, they don't care anymore. Usually they throw up an error page. Why would someone create such a sophisticated phishing site for mostly useless Atlantis accounts? Why spam it here where the vast majority of people don't have Atlantis accounts? In my mind, there's a 95% chance it is run by the Atlantis admins, and a 5% chance it's a proxy.