The crypto industry recently witnessed another high-profile hack, underscoring the critical importance of wallet security. Atomic Wallet, a centralized storage and wallet service, fell victim to the breach, resulting in the theft of $35-100 million worth of various tokens. This article provides an overview of the incident and the ongoing investigation.
It is essential for platform owners to perform dApp audits to provide their end users with secure wallets.
Over the weekend, Atomic Wallet suffered a breach resulting in the theft of cryptocurrencies worth at least $35 million, including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), and polygon (MATIC). Among the stolen assets, Tron-based USDT was reported to be the largest stash.
The security audit firm Least Authority previously warned of risks in Atomic Wallet, citing vulnerabilities like flawed cryptography, non-adherence to best practices, insufficient documentation, and incorrect use of the Electron framework, all potentially endangering user funds.
Atomic Wallet has reported that it is investigating a recent hack that impacted 1% of its monthly active users. The company has not disclosed specific details of the breach, but it has asked affected users to submit information through Google Forms to assist with the investigation.
There have been reports suggesting that illicit funds from the hack have been traced to Sinbad.io, a crypto mixer allegedly favored by the Lazarus Group, a North Korean cyber-hacking group responsible for the Ronin and Harmony hacks. It is important to note that these reports are based on allegations, and further investigation is needed to confirm any connections.
Alexander Nazarov, Lead dApp Auditor at Hacken, provided valuable insights into the Atomic Wallet incident from a technical perspective. Potential attack vectors that could have led to the breach include:
Insufficient entropy in key generation: Atomic Wallet generates a random seed that is mapped to a mnemonic using the BIP-39 wordlist. If the seed is not sufficiently random, it becomes susceptible to brute-force attacks.
Fault attacks on key-related algorithms: This weakness can allow attackers to mathematically derive the private key from public information, such as signatures. Additionally, the Android version of Atomic Wallet was found to use an outdated and vulnerable dependency, which could have potentially contributed to the attack.
Keys transmitted to a centralized server: There is a possibility that keys were unintentionally or intentionally transmitted to a centralized server, possibly through logs and monitoring mechanisms. This could have provided an opportunity for attackers to gain unauthorized access.
Supply-chain attack: The incident could have resulted from a supply-chain attack if the attackers had gained access to the project’s infrastructure. However, taking control of the newly updated website alone would not be sufficient to compromise all users, as it would only impact those using the desktop version or directly installing the Android APK from the website.
It’s important to emphasize that these potential attack vectors remain theoretical and have not been confirmed. Without access to the source code or deeper insight into the wallet, it is impossible to draw definitive conclusions.
Considering the broader picture, Nazarov raised the possibility that the hack is not an “Atomic Wallet incident” per se. The victims may simply happen to have used the same wallet, so it is crucial to identify other common patterns among affected users.
Either way, there’s still a considerable risk that the vulnerability comes from Atomic Wallet, so we advise against its use. Atomic Wallet users should move their assets to another wallet for added safety. While users of other wallets have not reported similar problems, taking proactive measures can help mitigate potential risks and protect one’s digital assets.
Although the technical analysis sheds light on potential vulnerabilities, it’s essential to await the completion of the investigation to gain a comprehensive understanding of the incident.
In conclusion, the recent Atomic Wallet hack underscores the critical importance of wallet security in the crypto industry. Safeguarding your digital assets is paramount, and a secure wallet is a fundamental component of interacting with blockchain networks. To ensure the safety of your funds, pay close attention to wallet security practices and consider the benefits of dApp audits. By prioritizing wallet security and seeking professional guidance, you can protect your assets and navigate the crypto landscape with confidence.