While users of other wallets have not reported similar problems, taking proactive measures can help mitigate potential risks and protect one’s digital assets.Īlthough the technical analysis sheds light on potential vulnerabilities, it’s essential to await the completion of the investigation to gain a comprehensive understanding of the incident.
Atomic Wallet users should move their assets to another wallet for added safety. It is possible that the victims happened to use the same wallet, and therefore, it becomes crucial to identify other common patterns among affected users.Įither way, there’s still a considerable risk that the vulnerability comes from Atomic Wallet, so we advise against its use.
#Atomic crypto wallet code
And it’s impossible to draw definitive conclusions without access to the source code or deeper insights into the wallet.Ĭonsidering the broader picture, Nazarov raised the possibility the hack is not an “Atomic Wallet incident” per se. It’s important to emphasize that these potential attack vectors remain theoretical and have not been confirmed.
#Atomic crypto wallet apk
However, taking control of the newly updated website alone would not be sufficient to compromise all users, as it would only impact those using the desktop version or directly installing the Android APK from the website.
Supply-chain attack: The incident could have resulted from a supply-chain attack if the attackers had gained access to the project’s infrastructure. This could have provided an opportunity for attackers to gain unauthorized access. Keys transmitted to a centralized server: There is a possibility that keys were unintentionally or intentionally transmitted to a centralized server, possibly through logs and monitoring mechanisms. Additionally, the Android version of Atomic Wallet was found to use an outdated and vulnerable dependency, which could have potentially contributed to the attack. If the seed is not sufficiently random, it becomes susceptible to brute-force attacks.įault attacks on key-related algorithms: This weakness can allow attackers to mathematically derive the private key from public information, such as signatures. Insufficient entropy in key generation: Atomic Wallet generates a random seed that is mapped to a mnemonic using the BIP-39 wordlist. Potential attack vectors that could have led to the breach include: Expert Opinion And Technical AnalysisĪlexander Nazarov, Lead dApp Auditor at Hacken, provided valuable insights into the Atomic Wallet incident from a technical perspective. It is important to note that these reports are based on allegations, and further investigation is needed to confirm any connections. There have been reports suggesting that illicit funds from the hack have been traced to Sinbad.io, a crypto mixer allegedly favored by the Lazarus Group, a North Korean cyber-hacking group responsible for the Ronin and Harmony hacks. While specific details of the breach have not been disclosed by the company, they have requested affected users to provide information through Google Forms to assist with the investigation. Investigation And Suspected CulpritsĪtomic Wallet has reported that they are investigating a recent hack that impacted 1% of their monthly active users. The security audit firm Least Authority previously warned of risks in Atomic Wallet, citing vulnerabilities like flawed cryptography, non-adherence to best practices, insufficient documentation, and incorrect use of the Electron framework, all potentially endangering user funds. Among the stolen assets, Tron-based USDT was reported to be the largest stash. Over the weekend, Atomic Wallet suffered a breach resulting in the theft of cryptocurrencies worth at least $35 million, including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), and polygon (MATIC). It is essential for platform owners to perform dApp audits to provide their end users with secure wallets. This article provides an overview of the incident and the ongoing investigation. Atomic Wallet, a centralized storage and wallet service, fell victim to the breach, resulting in the theft of $35-100 million worth of various tokens. The crypto industry recently witnessed another high-profile hack, underscoring the critical importance of wallet security.
0 kommentar(er)
