en
Back to the list

Least Authority Discloses Security Risks in Atomic Wallet

source-logo  coindesk.com 10 February 2022 14:25, UTC

Funds held in Atomic Wallet, a crypto wallet that supports over 300 coins and tokens, may be at risk, according to a comprehensive security audit conducted by Least Authority.

Read more: Your First Crypto Wallet: How to Use It and Why You Need One

Least has published a blog post to alert Atomic Wallet users to the potential risks associated with the vulnerabilities they claim to have discovered in the wallet's system design.

"... we strongly recommend that the Atomic Wallet team immediately notify users of the existing security vulnerabilities. In addition, until the issues and suggestions outlined in the report have been sufficiently remediated and the Atomic Wallet has undergone subsequent security audits, we strongly recommend against the Atomic Wallet’s deployment and use."

Responsible disclosure

Least was first hired to examine Atomic's system design as well as its corresponding core, desktop and mobile coded implementations in early 2021. That report, delivered to Atomic in April, concluded that there were vulnerabilities and insufficiencies that put users at "significant risk."

The research team stated that the wallet sent them a response noting their updates and improvements in November . However, after checking Atomic's remediation commits, Least discovered that "a significant number of issues and suggestions remain unresolved..."

Further attempts to work with Atomic to resolve the outstanding security issues have been unsuccessful, according to Least.

Now, after 10 months of following responsible disclosure procedures, Least is taking the next step in alerting Atomic's users to the potential risks associated with the vulnerabilities they claim to have discovered. In the interest of preventing malicious actors from acting on the information in the final report, the security team is not releasing the finer details of their findings.

"We hope that this disclosure of the existence of significant vulnerabilities without providing details helps to appropriately warn users without putting them at even greater risk," the blog post states.

Today marks the first time since its establishment in 2011 that Least Authority has taken this step to alert the public to unresolved security issues with a client's product.

Vulnerabilities in Atomic Wallet

Least noted the following outstanding vulnerabilities in their latest audit of Atomic Wallet:

  • current users are vulnerable to a range of attacks that may lead to the total loss of user funds, specifically due to the current use and implementation of cryptography;
  • a lack of adherence to wallet system design and development standards and best practices;
  • a lack of robust project documentation;
  • an incorrect use of Electron, leading to an increased risk of potential security vulnerabilities and implementation errors, as well as out-of-date and unmaintained dependencies.

The company is also calling on Atomic Wallet to conduct and publish "a full, comprehensive follow up security audit" from an independent security auditing team once they have fully addressed and resolved the existing vulnerabilities to ensure the fixes have been "properly implemented."

Atomic Wallet's ERC20 token, AWC, has fallen from a high of over $2.50 in April of last year to about $0.86 Wednesday night. First launched in 2018, the token gives holders discounts on exchange services and other benefits, according to Atomic's website.

(CoinGecko)

coindesk.com