Jump to content
  • Hackers steal $8 million from users running trojanized BitKeep apps

    alf9872000

    • 339 views
    • 3 minutes
     Share


    • 339 views
    • 3 minutes

    Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn't require verification.

     

    BitKeep is a decentralized multi-chain web3 DeFi wallet supporting over 30 blockchains, 76 mainnets, 20,000 decentralized applications, and more than 223,000 assets. It’s used by over eight million people in 168 countries for asset management and transaction handling.

     

    While the platform has not released an official announcement on its website, it has informed the community on the official Telegram channel that the incident appears to have impacted users who downloaded an unofficial version of the BitKeep app.

     

    “After a preliminary investigation by the team, it is suspected that some APK package downloads have been hijacked by hackers and installed with code implanted by hackers,” explains BitKeep’s announcement.

     

    “If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.”

     

    telegram(5).png

    BitKeep announcement on Telegram

     

    Those who downloaded the trojanized APK package are recommended to move all their funds to the official store after downloading the official apps from Google Play or App Store, create a new wallet address and move all their funds to it.

     

    The platform warns that any wallet addresses created using the malicious APK should be treated as compromised.

     

    Finally, those who have fallen victim to the hacks are requested to fill out this form for BitKeep’s support team to try to offer a solution in a timely manner.

     

    user-report.png

    BitKeep user reporting unauthorized transactions

     

    BitKeep has not determined how much money was lost due to these hacks, but transaction tracking service PeckShield reported that approximately $8 million worth of assets have been stolen so far.

     

    The suspicious transactions spotted by PeckShield include 4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH.

     

    transactions.jpg

    Unauthorized transaction tracing (PeckShield)

     

    Since the attack is still ongoing, with the threat actors taking advantage of the holiday season causing delays in noticing the hacks and incidence response action, the losses are expected to grow.

     

    In October 2022, BitKeep suffered a loss of roughly $1 million after a hacker exploited a vulnerability in the service that enabled them to perform arbitrary token swaps.

     

    At that time, BitKeep promised to fully reimburse those impacted by the incident. However, since the current attacks result from users getting scammed by trojanized APKs, it’s unlikely that there will be any refunds.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...