Investigation Launched into Atomic Wallet Hack by Police in Estonia and Kazakhstan
The team behind Atomic Wallet, a non-custodial mobile crypto wallet, is cooperating with the police of Estonia and Kazakhstan regarding a hacking incident that occurred on June 3. The wallet’s CEO, Konstantin Gladych, confirmed that the team has provided all necessary information to aid in the investigation. Over $100 million worth of various cryptocurrencies were stolen in the hack, affecting over 5,500 wallets. Blockchain intelligence firm Elliptic suggested that the North Korean hacker group Lazarus may have been responsible for the theft. Atomic Wallet, which has over a million downloads on the Google Play store, allows users to keep their private keys on their own devices. The cause of the breach is still uncertain, but it is speculated that the wallet’s technical design may have had flaws that permitted hackers access to users’ crypto. The wallet may have been sending copies of private keys to the company’s server or used recovery phrases that were not random enough, allowing hackers to “brute-force” the wallets. It is also possible that private keys were derived from transaction data or that the wallet manufacturer’s infrastructure was breached. Atomic Wallet faced criticism last year from security firm Least Authority, which highlighted flaws in the wallet’s code and its lack of adherence to best practices for wallet design.