Atomic Wallet Hack: Unveiling Security Flaws and $100M Lost to Cybercrime


Following the recent hack of the non-custodial mobile crypto wallet Atomic Wallet, the company is cooperating with Estonian police on their investigation. Atomic Wallet CEO Konstantin Gladych confirmed that the team is working closely with the authorities and has shared critical information that could help the investigation. The team has also received a request from Kazakhstan police, highlighting the global attention this breach has received.

Users of the Atomic Wallet found themselves at a loss, with over $100 million worth of crypto stolen in just the first weekend of June. Cryptocurrencies compromised include Bitcoin, Ether, Tether, Dogecoin, Litecoin, BNB, and Polygon. With over 5,500 wallets affected by the theft, experts from blockchain intelligence firm Elliptic suspect the North Korean hacker group Lazarus might be behind this massive attack.

Atomic Wallet, with over 1 million downloads on the Google Play store, enables users to store private keys of their crypto on their devices, eliminating the need for a custodian. Yet, the attack raised multiple questions about its technical design and vulnerabilities that allowed hackers to access users’ private keys, as the CEO of blockchain security firm Hacken, Dyma Budorin, pointed out.

Budorin shared a couple of possibilities for the breach, citing concerns that the wallet might have sent copies of users’ private keys to the company’s server. Alternatively, the wallet might have generated recovery (seed) phrases that were not random enough, making it easier for hackers to “brute-force” the wallets. Other possibilities include hackers deriving private keys from users’ transaction data or a breach within the wallet manufacturer’s infrastructure.
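The second possibility above (seed phrases that are not random enough) can be checked for before a wallet ships. The following is an added Python example, not code from Atomic Wallet or from the article: it audits two constructed entropy sources for repeated seeds. The clock-seeded generator, the 128-bit seed size, and all function names are assumptions made for illustration and say nothing about how Atomic Wallet actually generated seeds.

```python
import random
import secrets

ENTROPY_BYTES = 16  # 128 bits: the entropy behind a 12-word BIP-39 phrase (assumed format)
BASE_TIME = 1_700_000_000  # constructed install timestamp, in seconds


def clock_seeded_entropy(clock_seconds):
    """Hypothetical anti-pattern: a non-cryptographic PRNG seeded with the clock.

    The output is 128 bits long, but only as many values exist as there are
    possible seeds, so every wallet created in the same second shares a seed.
    """
    prng = random.Random(int(clock_seconds))
    return prng.getrandbits(ENTROPY_BYTES * 8).to_bytes(ENTROPY_BYTES, "big")


def csprng_entropy(clock_seconds):
    """Corrected form: the OS CSPRNG; the clock argument is deliberately ignored."""
    return secrets.token_bytes(ENTROPY_BYTES)


def audit_entropy_source(source, installs=2000, window_seconds=600):
    """Simulate wallets created inside a time window and count repeated seeds.

    Any repeat across 128-bit values is a release-blocking finding: with a
    sound source the chance of a single collision here is negligible.
    """
    schedule = random.Random(1234)  # drives the simulation only, not the seeds
    seen = set()
    for _ in range(installs):
        seen.add(source(BASE_TIME + schedule.randrange(window_seconds)))
    return {"installs": installs, "distinct": len(seen),
            "duplicates": installs - len(seen)}


if __name__ == "__main__":
    for name, source in (("clock-seeded PRNG", clock_seeded_entropy),
                         ("OS CSPRNG", csprng_entropy)):
        print(name, audit_entropy_source(source))
```

The clock-seeded source can never yield more distinct seeds than there are seconds in the window, regardless of how long its output looks, which is what makes such a design guessable.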

Despite these concerns, Gladych did not comment on the potential cause of the hack. This is not the first time security flaws have been pointed out in Atomic Wallet. Last year, security firm Least Authority found issues in Atomic’s use of cryptography, the robustness of project documentation, and the incorrect use of Electron, a framework for building desktop applications. Least Authority also mentioned that Atomic did not adhere to best practices for wallet design.

This incident serves as a reminder that the world of crypto is still not entirely safe from hackers and cybercrime. Crypto enthusiasts must remain vigilant and research the security features of the wallets and services they choose to use, as even popular and reputable platforms can have vulnerabilities. With further investigations underway, one hopes to learn more about what caused the breach and how to prevent such incidents in the future.

Source: Coindesk
