Thieves compromised BitKeep cryptocurrency wallets after creating an “unofficial” Android app, resulting in the theft of money from user wallets.
According to blockchain security services provider PeckShield, approximately $8 million worth of assets were stolen.
— PeckShieldAlert (@PeckShieldAlert) December 26, 2022
The theft appears to have occurred through the downloading of hacked and maliciously coded unofficial APK packages.
BitKeep has advised users to transfer their funds to the official Chrome plugin wallet or the app downloaded from the official store, create a new wallet address, and keep their mnemonic phrase safe.
The companythat the theft was mainly due to the hijacking of the 7.2.9 APK, and warned users to be cautious of using unofficial versions.
Security company Hacken has reported that almost $6 million worth of cryptocurrency assets have been taken in an ongoing attack, in which the attacker is “directly moving customers’ money to other locations.”
Hacken said the stolen money has been transferred to a Binance Smart Chain wallet and an Ethereum wallet, which received two large outgoing transactions totaling 709 and 504 Ether, or nearly $865,000 and $615,000, respectively.
Multi-chain data provider OKLink has disclosed that a total of $31 million in various assets across the Binance Smart Chain, Ethereum ETH/USD, Tron TRX/USD, and Polygon MATIC/USD have been taken in the attack, which is still ongoing.
【12-26 #BitKeep Mod Event Summary】
According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.
— OKLink (@OKLink) December 26, 2022
These numbers suggest the hacker is still making money from consumers who have downloaded the infected APK.
This is not the first time that BitKeep has been targeted by hackers this year.
In October, the wallet suffered an issue that led to the theft of $1 million in Binance Coin BNB/USD tokens.
Photo via Shutterstock.