Atomic Wallet Hacked by North Korean Hackers, Millions in Cryptocurrency Drained
In a recent development, cryptocurrency users of Atomic Wallet have fallen victim to a breach orchestrated by the notorious North Korean hacking group, Lazarus, according to blockchain intelligence firm Elliptic. Reports began to surface over the weekend as Atomic, a non-custodial crypto wallet, acknowledged that a portion of its users had suffered compromised wallets and subsequent loss of funds.
While Atomic claims that the number of affected users did not exceed 1% of their monthly active user base, users on platforms like Reddit complained of drained wallets. Blockchain sleuth ZachXBT estimated that approximately $35 million worth of various cryptocurrencies, including bitcoin, ether, tether, dogecoin, litecoin, BNB coin, polygon, and Tron-based USDT, had been stolen.
Elliptic’s investigation revealed that the stolen cryptocurrency had been funneled through a mixer called Sindbad.io, which is believed to be a successor to the previously sanctioned mixer Blender.io. The firm notes that Sindbad.io has been frequently utilized to launder money from other hacks attributed to the Lazarus group, showcasing a similar usage pattern. Additionally, Elliptic identified connections between the wallets containing the stolen funds from Atomic Wallet and previous Lazarus hacks.
Security weaknesses in Atomic Wallet had previously been highlighted by security audit company Least Authority in a now-removed blog post from last year. Least Authority outlined concerns regarding the implementation of cryptography, failure to adhere to best practices for wallet design, inadequate project documentation, and incorrect use of the Electron framework. While the cause of the breach is still being investigated, Dmytro Budorin, CEO of blockchain security firm Hacken, proposed several possibilities.
One explanation suggests that the generation of recovery phrases, or seed phrases, for Atomic Wallet’s wallets lacked sufficient randomness, potentially facilitating brute-force attacks by hackers. Another hypothesis proposes that hackers mathematically derived users’ private keys from visible transaction data on the bitcoin blockchain. Budorin further discovered that the Android version of Atomic Wallet relied on an outdated and vulnerable dependency when signing transactions.
Other potential avenues for the breach include a supply chain attack on the wallet manufacturer, a hack of Atomic Wallet’s website, or the unintentional broadcasting of users’ private keys to Atomic’s centralized server. Hacken continues to explore these possibilities. Notably, Jito Labs, a Solana blockchain scaling startup, successfully recovered over $1 million in funds stolen from a single individual, as reported by ZachXBT.
The recent breach underscores the inherent security challenges faced by crypto wallets. Budorin emphasized the need for a robust architecture that incorporates stringent security best practices. However, Atomic CEO Konstantin Gladych refrained from commenting on the specific cause of the hack. In response to the incident, the Atomic Wallet team is collecting data from affected users and providing it to blockchain analysis firms such as Chainalysis, Crystal, and Elliptic. Furthermore, they have reported that a portion of the stolen funds has been blocked after reaching exchanges.
Gladych acknowledged that the hack was orchestrated by a team of skilled hackers who employed scripts, fund-splitting techniques, and mixers. The incident serves as a stark reminder of the ongoing challenges faced by cryptocurrency wallets and highlights the pressing need for enhanced security measures to protect user funds.
Disclaimer: Blockmanity is a news portal and does not provide any financial advice. Blockmanity's role is to inform the cryptocurrency and blockchain community about what's going on in this space. Please do your own due diligence before making any investment. Blockmanity won't be responsible for any loss of funds.