Table of Contents
- How was the Atomic Wallet Hacked?
- Atomic Wallet Breach Investigation
- Who Hacked Atomic Wallet?
- Atomic Wallet Hacking Incident is not an Isolated Case
- Lessons from Atomic Wallet Security Breach
- Strengthen Your Crypto Security With CoolWallet
- Wrapping Up: Atomic Wallet Hack’s Implications for Crypto
Atomic Wallet, a popular Estonian crypto software wallet, recently become the latest serious crypto hot wallet victim in a mysterious hack that stole between $35 million to $100million in various tokens belonging to the wallet’s users, clearing many of their holdings altogether.
The software wallet, which claims to have 5 million users, supports more than 500 tokens on its platform with in-app features that include buying, selling, staking, and converting cryptocurrencies,. In the aftermath of the hack, Atomic Wallet claimed that less than 1% of its active monthly users – about 50,000 – were affected by the security breach.
The latest crypto wallet breach is another reminder of the persistent threats that the nascent cryptocurrency community faces especially when dealing with hot wallets, which are connected to the Internet and therefore much more susceptible to hacks and phishing scam threats that are often state-sponsored by the likes of North Korea and seem to mutate daily.
Let’s look at the Atomic Wallet hack, its implications, the lessons to be learned from it, and why dual wallet solutions that offer both hot and cold storage in one application such as CoolWallet’s Web3 ecosystem of hardware wallets and Web3 App may be the way to go to stop your funds from blowing up.
How was the Atomic Wallet Hacked?
Least Authority, a blockchain audit firm, sounded the alarm bells in February 2023 when it published a blog post warning Atomic Wallet users that their digital assets were at risk.
The report cited several security vulnerabilities that include flawed cryptography, insufficient documentation, and the improper use of the Electron framework – which effectively left users’ funds at the mercy of hackers.
In early June, only a few months later, a suspected state-sponsored hacking group led a successful cyber attack on Atomic Wallet and drained as much as $35 million in crypto. However, some estimates have placed the total losses at around $100 million.
But what exactly happened in the Atomic Wallet security breach?
There is no official explanation from Atomic Wallet. The company wrote that they do not “store nor have access to users’ private keys,” which complicates the investigation of the root cause of the hack.
The wallet’s security team speculated that the cause of the security breach could be any of the following:
- A virus targeting the devices of the wallet’s users
- Man-in-the-middle attack
- Infrastructure breach
- Malware code injection
Security experts within the crypto industry have offered their opinion in the wake of the Atomic Wallet hack. Alexander Nazarov, a lead dApp Auditor at a blockchain security firm Hacken, said the following attack vectors could have been used during the breach:
- Insufficient entropy in key generation (when they keys are not randomized enough)
- Fault attacks on important algorithms
- Keys were sent to a centralized server, proving an opportunity for hackers to gain access to users’ accounts
- Supply chain attack.
Atomic Wallet Breach Investigation
Atomic Wallet is working with investigators to put the cause to rest but has not yet offered an explanation at the time of writing. After the security incident, the wallet brand started working with crypto investigators that include blockchain security firms such as Chainalysis and Crystal.
Atomic Wallet’s team has been collecting data, monitoring transactions, and liaising with authorities. Some of the stolen loot is being laundered or mixed via different mixing services.
It is still not clear whether the affected users will be reimbursed for their lost digital assets.
Who Hacked Atomic Wallet?
Lazarus Group, North Korea’s notoriously successful state-sponsored hacking group, is believed to be behind the Atomic Wallet hack.
Elliptic, the blockchain company focusing on regulatory compliance and crypto crime risk which previously helped US law enforcement to track criminal wallets, has traced the stolen funds to Sinbad.io, a crypto-mixing service used by the Lazarus Group to launder more than $100 million in crypto assets obtained from hacking activities that include the $540 million Axie Infinity hack and $100 million from the Horizon Bridge exploit.
An analysis conducted by Elliptic shows that Sinbad.io is a new iteration of Blender.io, another mixing service heavily linked to the Lazarus Group which is under U.S. sanctions due to its ties to North Korea’s hacking group.
Atomic Wallet Hacking Incident is not an Isolated Case
Atomic Wallet is not the first crypto wallet to be compromised, nor will it be the last. Apart from hacks, nefarious actors are using several methods such as phishing to target wallet users.
The U.S. Federal Trade Commission issued an alert that warned users against an email phishing campaign targeting MetaMask wallet and PayPal users.
In the first half of 2023, a hacker stole $10 million in Ethereum by targeting the wallets of OG crypto users. This baffled security experts who had no clue how it happened.
2023 has seen its fair share of crypto hacks and scams.The wallet hacks should be used as a lesson on how to custody cryptoassets.
Lessons from Atomic Wallet Security Breach
The Atomic Wallet theft is another sobering reminder of how vulnerable digital asset holders are. This hack exposed the weaknesses of hot wallets and underscores why cold wallets are the way to go especially for long-term storage. Hackers are always finding new possible attack vectors and if white hat hackers identify a weakness in your security, as Least Authority did in February 2023, it’s best you listen and take immediate action to remedy it. If you don’t, hackers will do what they do best, steal your funds.
If you self-custody and want to play it super-safe, just use a reputable hardware wallet with proven track record, and look for extra safety features like a secure element. A hardware wallet is a cold storage solution that stores users’ private keys offline, away from the dangers of hacks and heists caused by online activity.
CoolWallet is a self-custody cold wallet geared for both experts and beginners. CoolWallet goes a long way in protecting your crypto assets.
Strengthen Your Crypto Security With CoolWallet
Want to use cold storage but also trade on the go? Or just use a hot wallet and hardware wallet as a combination?
CoolWallet’s App provides reliably safe Web3 hot and cold storage, giving them complete ownership and control of their digital assets at all times.
Ask yourself: wouldn’t you want your hot wallet maker to also be a specialist in cold storage security? Look no further than the coolest crypto wallet brand out there, which combines hot and cold to cool down your worries about self-custody.
CoolWallet’s hardware wallet range has been securing crypto users’ funds for years since it was first launched in 2014, and its CoolWallet Pro flagship model (RRP $149) offers full mobility and convenience with the security of an EAL6+ secure element and military-grade Bluetooth encryption for all DeFi, NFT and Web3 users looking to keep a discreet wafer-thin crypto wallet with them without drawing attention.
Best of all, CoolWallet’s App now has a custom-built hot wallet that is free to download and makes it super easy to move your funds from hot to cold storage and vice versa depending on your needs, and also get access to and airdrops. The two wallet modules live in one app but are completely isolated from each other. Get started here!
Wrapping Up: Atomic Wallet Hack’s Implications for Crypto
The Atomic Wallet hacks point to the dangers of using hot wallet brands that are connected online and don’t come with adequate customer support. Users that want to store their assets for a long time should consider using a cold storage wallet or a combination of cold and hot wallets for different portfolios. This Atomic Wallet security breach is another case in a young and exciting industry where opportunities and cybercriminals share the same table, and it’s up to each user to keep their funds safe.
Crypto holders that want to safeguard their digital assets against theft or scams should check out CoolWallet’s beautiful Pro and S models or simply download our CoolWallet App and start with our hot wallet, and then add a CoolWallet Pro when you can afford it. Stay safe!