While many are still enjoying the holiday season, hackers are hard at work, draining around $8 million in an ongoing BitKeep wallet exploit.
On Dec. 26, some users of the multichain crypto wallet BitKeep reported that their funds were being drained and transferred while they were not using their wallets. In their official Telegram group, the BitKeep team confirmed that some APK package downloads have been hijacked by some attackers and have been installed with code that was implanted by hackers. They wrote:
“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.”
As the hack continues, the BitKeep team urged its users to transfer their funds to a wallet that came from official sources like Google Play and the Apple App Store. Apart from this, the team also asked community members to use newly created wallet addresses as their previous addresses may already be “leaked to hackers.” To help with the investigation, the BitKeep team asked affected users to submit the relevant materials through a Google form they provided.
#PeckShieldAlert #BitKeep reported that several users’ funds were stolen, the official stated that possibly due to downloading a hacked APK version
∼$8M worth of assets have been stolen so far, including ~4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH pic.twitter.com/ZdomZGFWRO
— PeckShieldAlert (@PeckShieldAlert) December 26, 2022
One suspected hacker wallet address already has more than $5 million in digital assets. While the amount exploited is still not final and the attackers are still currently transferring funds to multiple wallet addresses, blockchain security and analytics firm PeckShield highlighted that there’s been more than $8 million in Tether (USDT), DAI (DAI), Binance Coin (BNB) and Ether (ETH) stolen so far.
Related: DeFi flash loan hacker liquidates Defrost Finance users causing $12M loss
On Oct. 17, the BitKeep wallet also suffered an exploit with the attacker taking off with $1 million worth of BNB. The exploit was conducted through a service that enabled token swaps. The wallet firm suspended the service and pledged to reimburse all the affected users.