Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Atomic Wallet Hack: Overview And Ongoing Investigation

Atomic Wallet Hack: Overview And Ongoing Investigation

Share via:

The crypto industry recently witnessed another high-profile hack, underscoring the critical importance of wallet security. Atomic Wallet, a centralized storage and wallet service, fell victim to the breach, resulting in the theft of $35-100 million worth of various tokens. This article provides an overview of the incident and the ongoing investigation.

It is essential for platform owners to perform dApp audits to provide their end users with secure wallets.

Details Of The Hack

Over the weekend, Atomic Wallet suffered a breach resulting in the theft of cryptocurrencies worth at least $35 million, including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), and polygon (MATIC). Among the stolen assets, Tron-based USDT was reported to be the largest stash.

The security audit firm Least Authority previously warned of risks in Atomic Wallet, citing vulnerabilities like flawed cryptography, non-adherence to best practices, insufficient documentation, and incorrect use of the Electron framework, all potentially endangering user funds.

Investigation And Suspected Culprits

Atomic Wallet has reported that they are investigating a recent hack that impacted 1% of their monthly active users. While specific details of the breach have not been disclosed by the company, they have requested affected users to provide information through Google Forms to assist with the investigation.

There have been reports suggesting that illicit funds from the hack have been traced to Sinbad.io, a crypto mixer allegedly favored by the Lazarus Group, a North Korean cyber-hacking group responsible for the Ronin and Harmony hacks. It is important to note that these reports are based on allegations, and further investigation is needed to confirm any connections.

Expert Opinion And Technical Analysis

Alexander Nazarov, Lead dApp Auditor at Hacken, provided valuable insights into the Atomic Wallet incident from a technical perspective. Potential attack vectors that could have led to the breach include:

Insufficient entropy in key generation: Atomic Wallet generates a random seed that is mapped to a mnemonic using the BIP-39 wordlist. If the seed is not sufficiently random, it becomes susceptible to brute-force attacks.

Fault attacks on key-related algorithms: This weakness can allow attackers to mathematically derive the private key from public information, such as signatures. Additionally, the Android version of Atomic Wallet was found to use an outdated and vulnerable dependency, which could have potentially contributed to the attack.

Keys transmitted to a centralized server: There is a possibility that keys were unintentionally or intentionally transmitted to a centralized server, possibly through logs and monitoring mechanisms. This could have provided an opportunity for attackers to gain unauthorized access.

Supply-chain attack: The incident could have resulted from a supply-chain attack if the attackers had gained access to the project’s infrastructure. However, taking control of the newly updated website alone would not be sufficient to compromise all users, as it would only impact those using the desktop version or directly installing the Android APK from the website.

It’s important to emphasize that these potential attack vectors remain theoretical and have not been confirmed. And it’s impossible to draw definitive conclusions without access to the source code or deeper insights into the wallet.

Considering the broader picture, Nazarov raised the possibility the hack is not an “Atomic Wallet incident” per se. It is possible that the victims happened to use the same wallet, and therefore, it becomes crucial to identify other common patterns among affected users.

Either way, there’s still a considerable risk that the vulnerability comes from Atomic Wallet, so we advise against its use. Atomic Wallet users should move their assets to another wallet for added safety. While users of other wallets have not reported similar problems, taking proactive measures can help mitigate potential risks and protect one’s digital assets.

Although the technical analysis sheds light on potential vulnerabilities, it’s essential to await the completion of the investigation to gain a comprehensive understanding of the incident.

Final Thoughts

In conclusion, the recent Atomic Wallet hack underscores the critical importance of wallet security in the crypto industry. Safeguarding your digital assets is paramount, and a secure wallet is a fundamental component of interacting with blockchain networks. To ensure the safety of your funds, pay close attention to wallet security practices and consider the benefits of dApp audits. By prioritizing wallet security and seeking professional guidance, you can protect your assets and navigate the crypto landscape with confidence.

Follow @hackenclub on 𝕏 (Twitter)