Atomic Wallet and the Problem of Single-Device Key Generation

8 Jun 2023

Atomic Wallet's recent exploit reveals a significant problem with self-custodial wallets. But isn't self-custody the safest way to store cryptocurrencies? Today, we will explore this issue to better understand how the hack may have happened and how Gridlock Wallet provides unprecedented protection for crypto assets.

The Atomic hack really plays to the notion of decentralization - as we move towards a more decentralized, blockchain-based financial system, responsibility is increasingly placed on the individual’s shoulders to secure their digital assets. Is this the best and safest way?

What happened with Atomic Wallet?

The $100 million Atomic Wallet hack exposed a vulnerability in how non-custodial wallet apps issue private keys to users. It has to do with the way self-custody wallets like Atomic issue the private keys (or “seed phrases”) to their users. 

Source: @AtomicWallet on Twitter

When you download an Atomic wallet or other self-custody wallet, the private key (or “seed phrase”) is encrypted. But the entire seed phrase is generated directly onto your device. Called “single-device key generation”, this system could have led to Atomic’s devastating breach. 

During the Atomic Wallet hack, users lost over $100 million in BTC, ETH, USDT, DOGE, LTC, BNB, and MATIC over one weekend in June. More than 5500 wallets were affected. Up until the hack, Atomic had been a very popular self-custodial wallet, with over a million downloads on Google Play. Maybe that’s why it was so shocking that a self-custody wallet with such prominence could get hacked. 

Non-custodial wallets & single-device key generation

When you control the private keys, you control the crypto assets. That’s why it’s so important to maintain self-custody because you have control over the private keys. 

Otherwise, if you’ve given up control of the private keys to someone else, like you would with an exchange account, you run additional risks. In an exchange, your crypto can be vulnerable to regulatory seizures, asset freezes, and other attack vectors that target the exchange’s “honeypot” of financial data (a/k/a your data!). 

Why self-custody is no longer enough

Sadly, in the case of Atomic Wallet, having self-custody over your crypto assets was not enough to protect them from bad actors! 

Across the industry, crypto users have been led to believe that they must secure their cryptocurrency assets using a non-custodial wallet. One that they control and not a 3rd-party broker or exchange. But as these wallets have evolved, one thing has become increasingly clear: generating the private key from one device is a flaw that must be overcome

In a world of rampant sim swaps, phishing scams, identity theft, and social engineering hacks, a self-custodial wallet with single-key vulnerability puts your crypto at undue risk. 

  • It means if your one device is compromised or damaged, that could mean you lose your crypto.
  • It also places an unacceptable level of responsibility onto the crypto holders as they must secure their decentralized assets without any centralized security protocol. 

Fortunately, opening a self-custody wallet with single-key generation is not the only option anymore. Gridlock Wallet offers solutions like Social Recovery and Distributed Key Generation to overcome these vulnerabilities.

A digitized keylock with network design and a hologram-like key to depict crypto asset security

How Gridlock Wallet Works

Gridlock’s distributed key generation and storage approach ensures that your private keys are generated using multiple, trusted devices that can never exist in one place at any given time. This distributed storage mechanism significantly reduces the risk of unauthorized access and potential loss of funds, as demonstrated by the security breach experienced by Atomic Wallet users.

How it works:

  • Private keys are initially split into distributed fragments called “key shares” upon key generation.
  • Key shares are stored securely on trusted devices you choose, called “Guardians.” No Guardian has the power to access the private key.
  • Each Guardian holds one of the key fragments on their device but has no knowledge of the others.

With Gridlock, the wallet owner has the most authoritative key share and ultimate control. Only they can assemble the key shares for transactions or key recovery. If you lose your seed phrase, a threshold number of key shares can be prompted to reconstruct it for you only through a simplified Social Verification process.

Why you should protect your crypto with Gridlock

The recent Atomic Wallet hack serves as a powerful reminder of the importance of secure storage solutions for crypto. In the evolving crypto market, it’s become clear that private key generation needs a distributed approach to up the game for self-custody wallet security. 

  • Gridlock Wallet’s usage of multi-party computation technology (MPC) allows crypto investors to store their valued crypto assets with peace of mind. Gridlock wallet owners create their own security network in the form of trusted “Guardians”, each of whom are a shard of the private key. 
  • With a distributed key generation and storage approach, Gridlock minimizes the risk of theft, hacks, and other security breaches that have plagued the cryptocurrency industry.
  • Even the wallet owner cannot see the entire seed phrase - yet they control it.

How distributed key generation shields your crypto

Having a wallet solution that distributes the private keys in a zero knowledge way provides unprecedented protection. Shards of the different pieces of your private keys are distributed to Guardians you set up and control. Each key share has no knowledge of the others.

At any time, you can activate your Guardian network to initiate transactions, recover your seed phrase, or set up a new device in the case of a lost or damaged phone. 

No one, including you, can ever access your full private keys/seed phrase in one place at one time. It's a feature not a bug!

If only those unfortunate cryptocurrency holders had used Gridlock Wallet, maybe they could have avoided the devastating losses from the Atomic exploit. Don't compromise the safety of your funds with single key generation wallets. Instead, defend your crypto assets with Gridlock Wallet today.

Experience a premier level of security derived from distributed key generation and storage by Downloading Gridlock Wallet today!

- - -

Written by Reid Zedkongor

a6 (1).jpg

Reid Zedkongor is peeling away layers of confusion around blockchain and cybersecurity. With a computer engineering background, he can dive into the details of crypto complexities to make crypto adoption easy for everyone. In his free time, he often reads fiction or enjoys a good laugh over a beer.

Don't miss out on new features and special events