Multi-Chain Wallet BitKeep Has Been Hacked for $8 Million
BitKeep, a multi-chain non-custodial wallet by Bitget, is reported to have been hacked for USDT 2.9 million, DAI, and BNB, as attackers replaced the wallet downloadable files with their own malicious files.
Multi-parties responsed that their token in @BitKeepOS was stolen and OKLink data monitor found out this suspected deposit address that might belong to Bitkeep hackers. This address currently still have 2,896,386 USDT 166,010 DAI and 2,310 #BNB https://t.co/ce4JcDB3tm#ScamAlert pic.twitter.com/9F5qlNeAfP
— OKLink (@OKLink) December 26, 2022
BitKeep Hack: What Happened?
The first sign of trouble appeared in the early hours of Monday, December 26, when the official Telegram channel of BitKeep was flooded with many users’ complaints about their funds being transferred.
The BitKeep team later confirmed the hack and said that wallets installed through downloadable APK packages had been compromised as the APK package was hijacked by hackers and replaced by malicious files. Wallets installed from Google Play and App store are safe.
The official confirmation reads:
“Dear BitKeep users, after a preliminary investigation by the team, it is suspected that some APK package downloads have been hijacked by hackers and installed with code implanted by hackers.”
OKLink, an on-chain data analysis platform, initially reported that hackers’ addresses hold 2,896,386 USDT 166,010 DAI, and 2,310 BNB, mainly concentrated in BNBChain. In the latest update at the time of writing, OKLink has found another suspected hacker address that also contains ETH and SHIB.
According to Supremacy Inc., a security firm, BitKeep hackers are using SideShift and FixedFloat to mix coins and some of the funds have already been transferred.
Warning! @BitKeepOS hackers are mixing coins via SideShift and FixedFloat and have already transferred 652 BNB and 70,000 DAI. pic.twitter.com/WyygwCDDq3
— Supremacy Inc. (@Supremacy_CA) December 26, 2022
The BitKeep team is advising users to transfer their funds to wallets installed through Google Play or App Store and create new addresses. The team also announced that if the asset loss was caused by the platform, the BitKeep Security Fund would make the full compensation. The announcement reads:
“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.”
“Now for the safety of user funds, if you downloaded the APK version, please transfer the funds to the wallet downloaded from another official store (App Store or Google Play). In addition, it is recommended to use the newly created wallet address, the address you created through apk may be leaked to hackers.”
The latest data by PechShield reveals that $8M worth of assets have been stolen so far, including 4373 BNB, 5.4M USDT, 196k DAI, and 1233.21 ETH.
The year 2022 proved to be a tough year for the crypto sector. Security incidents kept on rising. However, the collapse and hack of the FTX crypto exchange was perhaps the most shocking incident in crypto. As Blockchain Journal reported, the FTX hack was so large that it made the hackers the 35th largest Ethereum holder.