Key Takeaways:
BitKeep wallet users reported that funds were being removed from their wallets.
The stolen digital assets are estimated to be worth about $8 million in total.
The BitKeep team acknowledged that some of the APK packages customers downloaded and installed might have been hijacked by hackers.
On December 26, several users of the multichain cryptocurrency wallet BitKeep reported that funds were being removed and moved while they were not using their wallets. The BitKeep team then revealed on its official Telegram channel that some APK package downloads had been hijacked by attackers, who had inserted malicious code into them. They also tweeted:
“The download of the BitKeep APK package used by some users was hijacked by hackers. The wallet you are using is no longer the official version. Now that the hacker has transferred most of the funds to the wallet address on BSC, I hope everyone can seek help from the BNB CHAIN official on Twitter and social media and freeze the hacker address and stolen funds as soon as possible.”
While the hack was ongoing, the BitKeep team advised its users to move their funds to a wallet obtained from an official source, such as Google Play or the Apple App Store. The company also advised the community to use newly generated wallet addresses, as their old ones may have already been “leaked to hackers.” The BitKeep team asked affected users to provide the necessary data through a Google form to help with the investigation.
PeckShield, a blockchain security and analytics company, stated that more than $8 million in Tether, DAI, BNB, and Ether had been taken so far, although the amount compromised is not yet final and the attackers are constantly moving funds to different wallet addresses. According to the authorities, this may be because users downloaded a modified APK version. Digital assets worth more than $5 million have already been found in one alleged hacker wallet address.
The BitKeep wallet was also compromised on October 17, when the attacker made off with $1 million worth of BNB. The exploit was carried out through a service that permitted token exchanges. As a result, the wallet company shut down the service and promised to compensate any impacted customers.
Attacks by malicious parties against DeFi projects have persisted. For example, hackers recently stole $173,000 from Defrost Finance, while the Raydium liquidity provider on Solana experienced a $2 million attack.