North Korean Hackers vs Atomic Wallet: $35M Stolen and Security Concerns Exposed

Atomic Wallet users have recently faced a concerning situation, as they might have fallen victim to Lazarus, the infamous North Korean hacking group, according to a blog post by blockchain intelligence firm Elliptic. Atomic, a non-custodial crypto wallet, announced that a small number of users were compromised and lost their funds. Although the number of incidents represents not more than 1% of the monthly active users, the losses amount to around $35 million in various cryptocurrencies, such as bitcoin, ether, tether, and dogecoin, among others.

Elliptic reported that the stolen crypto was funneled to a mixer called Sindbad.io, suspected of being a successor to the previously sanctioned mixer Blender.io. The mixer has been used to launder money from other hacks attributed to Lazarus, and the usage pattern is consistent with those previous incidents. A connection between the wallets containing loot from the Atomic hack and those from other Lazarus hacks was also identified.

Security audit company Least Authority had previously warned that Atomic Wallet may be vulnerable to breaches. It cited various issues, including how Atomic implemented cryptography, a failure to adhere to best practices for wallet design, and incorrect use of Electron, a framework for building desktop applications. Although the firm has since taken down the post, the recent hack demonstrates that serious security issues could be affecting Atomic Wallet.

Dmytro Budorin, CEO of blockchain security firm Hacken, mentioned several possible explanations for the hack. One theory is that Atomic’s recovery phrases for wallets did not produce sufficiently random sequences of words, making it easier for hackers to brute-force wallets. This is particularly alarming, as recovery phrases are the only way to recover funds in non-custodial wallets if a user loses their device or password.

Another hypothesis suggests that hackers might have derived users’ private keys from the transaction data visible on the bitcoin blockchain. Such an attack was described in a recently published paper by a researcher at the University of California, San Diego. Also, Hacken detected that the Android version of Atomic relied on an outdated and vulnerable dependency when signing transactions. Other possibilities include a supply chain attack on the wallet manufacturer or a hack of Atomic’s website.

According to ZachXBT, a Solana blockchain scaling startup called Jito Labs has managed to recover over $1 million in funds stolen from a single user. Budorin added, “This hack is very vocal, highlighting the core problems in crypto wallets. The wallets don’t pay enough attention to building a strong architecture with security best practices implemented.”

The Atomic Wallet hack serves as a stark reminder to crypto enthusiasts about the need for better security practices and thorough scrutiny of wallet designs. As cryptocurrency adoption increases, focusing on robust security measures will be crucial to protect users and safeguard their funds.

Source: Coindesk
