Atomic Wallet and the Problem of Single-Device Key Generation
8 Jun 2023
Atomic Wallet's recent exploit reveals a significant problem with self-custodial wallets. But isn't self-custody the safest way to store cryptocurrencies? Today, we will explore this issue to better understand how the hack may have happened and how Gridlock Wallet provides unprecedented protection for crypto assets.
The Atomic hack really plays to the notion of decentralization - as we move towards a more decentralized, blockchain-based financial system, responsibility is increasingly placed on the individual’s shoulders to secure their digital assets. Is this the best and safest way?
The $100 million Atomic Wallet hack exposed a vulnerability in the way non-custodial (self-custody) wallet apps like Atomic issue private keys (or “seed phrases”) to their users.
Source: @AtomicWallet on Twitter
When you download an Atomic wallet or other self-custody wallet, the private key (or “seed phrase”) is encrypted. But the entire seed phrase is generated directly onto your device. Called “single-device key generation”, this system could have led to Atomic’s devastating breach.
During the Atomic Wallet hack, users lost over $100 million in BTC, ETH, USDT, DOGE, LTC, BNB, and MATIC over one weekend in June. More than 5500 wallets were affected. Up until the hack, Atomic had been a very popular self-custodial wallet, with over a million downloads on Google Play. Maybe that’s why it was so shocking that a self-custody wallet with such prominence could get hacked.
When you control the private keys, you control the crypto assets. That’s why maintaining self-custody is so important: it keeps the private keys under your control.
Otherwise, if you’ve given up control of the private keys to someone else, like you would with an exchange account, you run additional risks. In an exchange, your crypto can be vulnerable to regulatory seizures, asset freezes, and other attack vectors that target the exchange’s “honeypot” of financial data (a/k/a your data!).
Sadly, in the case of Atomic Wallet, having self-custody over your crypto assets was not enough to protect them from bad actors!
Across the industry, crypto users have been led to believe that they must secure their cryptocurrency assets using a non-custodial wallet, one that they control rather than a third-party broker or exchange. But as these wallets have evolved, one thing has become increasingly clear: generating the private key from one device is a flaw that must be overcome.
In a world of rampant SIM swaps, phishing scams, identity theft, and social engineering hacks, a self-custodial wallet with single-key vulnerability puts your crypto at undue risk.
Fortunately, opening a self-custody wallet with single-key generation is not the only option anymore. Gridlock Wallet offers solutions like Social Recovery and Distributed Key Generation to overcome these vulnerabilities.
Gridlock’s distributed key generation and storage approach ensures that your private keys are generated using multiple, trusted devices that can never exist in one place at any given time. This distributed storage mechanism significantly reduces the risk of unauthorized access and potential loss of funds, as demonstrated by the security breach experienced by Atomic Wallet users.
How it works:
With Gridlock, the wallet owner has the most authoritative key share and ultimate control. Only they can assemble the key shares for transactions or key recovery. If you lose your seed phrase, a threshold number of key shares can be prompted to reconstruct it for you, and only through a simplified Social Verification process.
The recent Atomic Wallet hack serves as a powerful reminder of the importance of secure storage solutions for crypto. In the evolving crypto market, it’s become clear that private key generation needs a distributed approach to up the game for self-custody wallet security.
Having a wallet solution that distributes the private keys in a zero-knowledge way provides unprecedented protection. Shards of the different pieces of your private keys are distributed to Guardians you set up and control. Each key share has no knowledge of the others.
At any time, you can activate your Guardian network to initiate transactions, recover your seed phrase, or set up a new device in the case of a lost or damaged phone.
No one, including you, can ever access your full private keys/seed phrase in one place at one time. It's a feature, not a bug!
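The idea of generating a key across several devices and recovering it from a threshold of shares can be shown with a toy model. This is an added example, not Gridlock's code or protocol: it assumes a simple joint Shamir sharing over a prime field, and the names `dkg`, `reconstruct` and `demo` are hypothetical.

```python
import secrets

# Toy prime field (2**127 - 1 is a Mersenne prime); stands in for a curve order.
P = 2**127 - 1

def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def dkg(n, t):
    """Each of n devices picks its own random degree-(t-1) polynomial and
    sends device j the value at x=j. Device j's key share is the sum of what
    it receives. The joint key is the sum of the constant terms, which no
    device ever holds. Returns ({index: share}, per-device constant terms)."""
    polys = [[secrets.randbelow(P) for _ in range(t)] for _ in range(n)]
    shares = {j: sum(poly_eval(f, j) for f in polys) % P for j in range(1, n + 1)}
    return shares, [f[0] for f in polys]

def reconstruct(subset):
    """Lagrange interpolation at x=0 over {index: share}. This is the
    recovery path; threshold signing protocols avoid this step."""
    secret = 0
    for i, y_i in subset.items():
        num, den = 1, 1
        for j in subset:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + y_i * num * pow(den, -1, P)) % P
    return secret

def demo():
    """5 devices, threshold 3: three shares recover the key, two do not."""
    shares, contribs = dkg(n=5, t=3)
    joint = sum(contribs) % P  # computed here only to check the demo
    any3 = {k: shares[k] for k in (1, 3, 5)}
    any2 = {k: shares[k] for k in (2, 4)}
    return reconstruct(any3) == joint, reconstruct(any2) == joint
```

A single compromised device yields one share, which on its own interpolates to a value unrelated to the joint key.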
If only those unfortunate cryptocurrency holders had used Gridlock Wallet, maybe they could have avoided the devastating losses from the Atomic exploit. Don't compromise the safety of your funds with single-key generation wallets. Instead, defend your crypto assets with Gridlock Wallet today.
Experience a premier level of security derived from distributed key generation and storage by downloading Gridlock Wallet today!
- - -
Written by Reid Zedkongor
Reid Zedkongor is peeling away layers of confusion around blockchain and cybersecurity. With a computer engineering background, he can dive into the details of crypto complexities to make crypto adoption easy for everyone. In his free time, he often reads fiction or enjoys a good laugh over a beer.