What’s stopping the investigation into stealing $35 million from Atomic Wallet

Wallet developers are not cooperating with the investigation and refuse to provide data to back up their claims of hacking

In early June, users of the popular cryptocurrency wallet Atomic Wallet faced massive thefts of cryptocurrency. The first occurred back on June 2.Since then, several analysts in the investigation and have traced more than $35 million worth of stolen money. The wallet team said it was investigating the hack. But at the time of publication, it had not released any details of the incident.

Our experts note that Atomic is is a non-custodial cryptocurrency wallet. Unlike exchanges, such wallets allow users to store funds independently of a third party. The service originally launched in 2017 as a cryptocurrency exchanger called Atomic Swap. According to the official website, Atomic Wallet has more than 5 million users.

Although the standard in cryptocurrencies is considered open source. In Atomic Wallet’s case, it has always kept its code closed, including from independent auditors. Some cryptocurrency projects prefer not to disclose the software code. In order to avoid being copied by competitors. However, users, since they cannot view the code. And they cannot check if it really works the way it is supposed to and does not contain bugs. Instead, they are forced to trust the developers.

Details of the hack have not yet been disclosed

Transparency of blockchain as a public registry of cryptocurrency transfers allows to identify the addresses of affected wallets. As well as the further movement of funds. According to an analysis by an online detective known in the cryptocurrency community under the ZachXBT. According to his conclusions, hackers stole about $35 million in various cryptocurrencies. The researcher was also contacted by victims. In doing so, providing him with transaction data on the wallet. The hack stole funds in Ethereum (ETH), Dogecoin (DOGE), Litecoin (LTC), BNB (BNB) and Polygon (MATIC) cryptocurrencies. And one of the victims lost $8 million worth of crypto-assets.

According to Elliptic’s blockchain analysts, the hacker used Sinbad.io, a cryptomixer popular with North Korean hackers, to launder stolen funds. Based on the results of past major hacks, investigators estimate. That the North Korean hacker group Lazarus Group laundered more than $100 million through it. Analysts did not name the amount of Atomic users’ funds spent through the mixer. But they did say that Sinbad.io is probably a revamped version of Blender.io, a service heavily used by Lazarus Group. And the first mixer to be sanctioned by the U.S. Treasury Department.

The investigation requires obtaining so-called server logs, an activity log that logs all user activity on the site. But Atomic Wallet refuses to provide the necessary files to analysts from various companies, despite numerous requests.

 

Read More

Atomic Wallet hacker used a cryptomixer popular with North Korean hackers

Atomic Wallet cryptocurrency wallet representative said that his team is “doing everything possible” to recover the stolen funds. And advised the victims of the incident to track the hacker’s transactions themselves

An Atomic Wallet cryptocurrency hacker who stole about $35 million in user funds. He used Sinbad.io, a cryptomixer popular with North Korean hackers, to launder the stolen funds, Elliptic blockchain analysts said.

Atomic Wallet, a cryptocurrency service for non-custodial storage of digital assets, was hacked in early June. The attack stole Bitcoin, Ethereum (ETH), Tether (USDT), Dogecoin (DOGE), Litecoin (LTC), BNB (BNB) and Polygon (MATIC) totaling at least $35 million from Atomic customers.

Elliptic found out that the hacker started transferring funds via Sinbad.io, a transaction anonymization service. And which is used by the North Korean hacker group Lazarus Group. North Korean hackers laundered over $100 million through Sinbad io.

Analysts have not named the amount of Atomic users’ funds spent through the mixer. But they did say that Sinbad.io is probably a revamped version of Blender.io, a service heavily used by Lazarus Group. And the first mixer to be sanctioned by the U.S. Treasury Department.

The Atomic Wallet team is “doing everything they can” to recover the stolen funds. But creating a concrete plan is possible only after the investigation is complete. Atomic Wallet marketing director Roland Sede told Cointelegraph.

According to him, having victims of the attack track and report illegal transfers to cryptocurrency exchanges could prevent scammers from withdrawing funds. For its part, the site is doing just that. Because “the more attention hackers get, the harder it is for them (funds) to move them,” Sede said.

Our experts note that according to Atomic Wallet, the hack affected “less than 1%” of the service’s monthly active users. The attack was also stopped on Saturday, May 3. But Twitter users responded with screenshots showing that their funds were stolen even after that time.

Read More

Ledger CEO confirmed the possibility of authorities gaining access to customer private keys

Government may require companies storing passwords from cryptocurrencies connected to LedgerRecover to disclose this information. Crypto Upvotes expert review

Ledger CEO Pascal Gauthier admitted that authorities could gain access to the private keys of users of hardware cryptocurrencies. And that will be connected to the new Ledger Recover service. On the What Bitcoin Did podcast, Gauthier noted that this could only happen through the courts, so it’s unlikely.

The LedgerRecover service is a voluntary feature that allows users to split a secret phrase (seed-phrase, or private wallet key) into three pieces. And send them to three third-party companies for storage.

If the secret phrase is lost, it can be recovered. At the same time, by combining these three fragments on the Ledger device and passing identification. Ledger Recover costs $9.99 a month.

The new service has sparked a wave of criticism – users were outraged by the fact that not only the owner can have access to the data on a hardware device.

Ledger shareholder and former CEO Eric Larchevec said. That governments could demand access to user funds stored on Ledger devices that subscribe to the new service. Now users are concerned. And that their funds could be blocked by the authorities if they use the service.

These comments have raised questions for Ledger users. But Ledger CEO Pascal Gauthier said such a scenario is unlikely.

According to Gauthier, it is not worrisome because governments only issue such subpoenas for serious reasons. And for example, in connection with events related to terrorism or drugs. The head of the company noted that “the average person doesn’t get a criminal court summons every day”.

Ledger postponed update due to scandal

Ledger postponed the launch of LedgerRecover, a scandalous password recovery service, due to criticism. In a letter to users, Pascal Gauthier, head of the hardware cryptocurrency wallet maker, said. That Ledger won’t introduce the new feature before publishing its open source code.

Ledger does not release all of its product codes to the public. But, according to Gauthier, the company has now learned a lesson from its “unintentional mistake in communicating” with the audience. And it will be publishing operating system and tool codes on an expedited basis.

“We’ve decided to accelerate the data discovery roadmap! We will open up as much Ledger operating system code as possible, starting with the core components of the OS, and LedgerRecover. Which will not be released until this work is completed,” he wrote.

Code openness won’t affect the security of the device or improve it in any way, the company promises. But it will make the information transparent to users. And experts will be able to verify that malicious codes are not present in the devices’ software.

 

Read More

Visa has developed an autopay solution on Ethereum blockchain

Visa is using a proposal from Ethereum developers. It will allow automatic pre-scheduled payments from non-custodial crypto wallets

Visa has developed a blockchain-based autopay solution. A document published by this company details a new concept based on Account Abstraction (AA) technology from Ethereum developers. It will allow the implementation of automatic pre-planned payments using smart contracts in non-custodial users’ wallets.

Account Abstraction technology was proposed back in 2016. Since the core Ethereum network does not yet support AA. Therefore, VISA implemented its solution in StarkNet, a second-tier blockchain built on top of Ethereum blockchain. The account model in StarkNet just uses AA technology.

Whereas normal accounts check if a transaction is correctly signed for a specific address. With StarkNet, they simply verify that the transaction is coming from a given address. In addition, the introduction of Visa’s concept into this blockchain has not only enabled the deployment of a new auto-payment feature. But also increased transaction throughput.

Visa notes that it sees autopay as a key functionality that the existing blockchain infrastructure lacks. And it invites interested companies working in this area to work together on projects in the field of programmable payments.

Our experts note that payment companies from traditional financial industry this year began to actively develop projects related to blockchain and cryptocurrency. Also at the end of September, SWIFT and Chainlink oracle network announced joint work on a blockchain project. This project will allow traditional financial companies to conduct transactions on a platform that supports almost all blockchains.

Read More