Atomic Wallet Was Breached by North Korean Hackers: Elliptic

10 months ago
Tags: Bitcoin
Source: coindesk


Atomic Wallet users might have fallen victim to Lazarus, the infamous North Korean hacking group, said blockchain intelligence firm Elliptic in a blog post on Tuesday.


Early Saturday morning, the team behind Atomic, a non-custodial crypto wallet, announced that some users were compromised and lost the funds from their wallets. According to the company, the number of incidents did not exceed 1% of "monthly active users." The announcement followed multiple reports on Reddit from users complaining their wallets had been drained.


ZachXBT, a pseudonymous blockchain sleuth, estimated that around $35 million in various cryptocurrencies had been stolen, including bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), polygon (MATIC) and Tron-based USDT.


The stolen crypto has been funneled to a mixer called Sindbad.io, Elliptic wrote. This mixer, which Elliptic believes is a successor of the previously sanctioned mixer Blender.io, has often been used to launder money from other hacks attributed to Lazarus, and the usage pattern is the same, Elliptic said. The firm also found connections between the wallets containing the loot from Atomic and some of the Lazarus hacks, the blog post reads.


Read more: Least Authority Discloses Security Risks in Atomic Wallet


Last year, security audit company Least Authority warned in a blog post that Atomic Wallet may have been vulnerable to breaches. According to Least Authority, issues included the way Atomic implemented cryptography, that it did not adhere to the best practices for wallet design, a lack of robust project documentation and incorrect use of Electron, a framework for building desktop applications. The firm has since taken down the post.


According to Dmytro Budorin, CEO of blockchain security firm Hacken, there are several possible explanations for how the hack happened. One reason could be that Atomic's way to generate recovery phrases (the so-called seed phrases) for wallets did not produce sufficiently random sequences of words, making it easier for hackers to brute-force wallets, Budorin told CoinDesk.


Non-custodial wallets like Atomic allow users to keep their crypto autonomously, without trusting a centralized company, which means if users lose a device or password for their wallet they can only recover funds using the seed phrase. However, anyone who has access to the seed phrase can duplicate the wallet and steal the funds.


Another hypothesis is that hackers could have mathematically derived the users’ private keys from the transaction data visible on the bitcoin blockchain. This kind of attack was described in a freshly published paper by a researcher at the University of California, San Diego. Hacken also detected that the Android version of Atomic “relied on an outdated and vulnerable dependency” when signing transactions, Budorin said.


Other possibilities include a supply chain attack on the wallet manufacturer, a hack of Atomic’s website or the intentional or unintentional broadcasting of users’ private keys to Atomic’s centralized server, according to Hacken.


According to ZachXBT, over $1 million in funds stolen from a single victim have been successfully recovered by Jito Labs, a Solana blockchain scaling startup.


"This hack is very vocal, highlighting the core problems in crypto wallets. The wallets don't pay enough attention to building a strong architecture with security best practices implemented," Budorin added.

