BitKeep, a decentralized, multi-chain crypto wallet, has confirmed a cyberattack that caused it to lose $9.9 million. This hack came just under three months after the previous attack in mid-October.
BitKeep has been the victim of a massive hack
This is how Kevin Como, CEO of BitKeep, described the cyberattack. The cryptocurrency wallet, he said, was the victim of a “large-scale hack.” According to the team, the attackers distributed fraudulent versions of the wallet app.
Hackers injected malicious code into an Android app package (.APK) file. This allowed them to steal users’ private keys and easily move their cryptocurrencies. Initial investigations show that all the stolen funds were transferred to two addresses.
Fraudulent apps were downloaded from phishing sites. Hackers have cracked version 7.2.9 of the Android Application Package (.APK) file. Fake apps are only those that are downloaded outside of Google Play, Apple App Store or Google Chrome Web Store.
Transfer funds to a legitimate crypto wallet
PeckShield, a blockchain security firm, and OKLink, a multi-chain blockchain explorer, were investigating the incident. They managed to establish the source of the stolen funds. These are BNB Chain, Ethereum, TRON and Polygon.
“If your funds are stolen, the app you download or update may be an unknown (unofficial) version that has been hacked,” explains the BitKeep team. Users who have downloaded the fraudulent version of the application are advised to download a legitimate version of the crypto wallet in order to transfer their funds to it.
This attack comes less than three months after the previous attack that resulted in BitKeep losing nearly $1 million worth of BNB (Binance Coin). These incidents serve as a reminder of the risks associated with holding digital assets and the importance of taking steps to protect them.