
Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users’ digital currencies.

“With maliciously implanted code, the altered APK led to the leak of user’s private keys and enabled the hacker to move funds,” BitKeep CEO Kevin Como said, describing it as a “large-scale hacking incident.”

According to blockchain security company PeckShield and multi-chain blockchain explorer OKLink, an estimated $9.9 million worth of assets have been plundered so far.

“Funds stolen are on BNB Chain, Ethereum, TRON and Polygon,” BitKeep further noted in a series of tweets. “More than 200 addresses on the other three chains were used in the heist, and all funds were transferred to 2 main addresses in the end.”

The incident is said to have taken place on December 26, 2022, with the threat actor exploiting and hijacking version 7.2.9 of the Android app package (.APK) file hosted on its website to distribute the trojanized variant.

That said, the digital break-in doesn’t impact BitKeep apps downloaded via Google Play, Apple App Store, or the Google Chrome Web Store.

As many as five different counterfeit versions of the Android app with the following package names have been identified, suggesting that the apps were potentially distributed through phishing websites. The legitimate package name is “com.bitkeep.wallet.”

- com.bitkeep.app
- com.bitkeep.w4
- com.bitkeep.w5
- com.bitkeep.wallet5
- io.bitkeep.wallet
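
The package names and version details in this article can be turned into a device check. The following is an added example, not code from BitKeep or the original article: it triages the output of `pm list packages -i` (collected over adb or by an MDM agent) against the names listed above. The `versions` mapping, the status labels, the lookalike rule and the sample inventory are assumptions made for illustration.

```python
import re

LEGIT = "com.bitkeep.wallet"            # legitimate package name per the article
COUNTERFEIT = {                          # counterfeit names listed in the article
    "com.bitkeep.app", "com.bitkeep.w4", "com.bitkeep.w5",
    "com.bitkeep.wallet5", "io.bitkeep.wallet",
}
AFFECTED_VERSION = "7.2.9"               # hijacked website APK version
STORE_INSTALLERS = {"com.android.vending"}  # Google Play installer package

# One line of `pm list packages -i`: "package:<name>  installer=<name|null>"
LINE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?$")

def triage(pm_output, versions):
    """Map each BitKeep-related package to a status label (labels are illustrative).

    versions: {package: versionName}, assumed to be collected separately,
    for example from `dumpsys package <name>`.
    """
    findings = {}
    for line in pm_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        pkg, inst = m["pkg"], m["inst"]
        if pkg in COUNTERFEIT:
            findings[pkg] = "counterfeit"
        elif pkg == LEGIT:
            if inst in STORE_INSTALLERS:
                findings[pkg] = "ok-store"          # store builds were not impacted
            elif versions.get(pkg) == AFFECTED_VERSION:
                findings[pkg] = "affected-apk"      # sideloaded 7.2.9: update, move funds
            else:
                findings[pkg] = "sideloaded-verify" # assumption: review other sideloads
        elif "bitkeep" in pkg.lower():
            findings[pkg] = "lookalike-review"      # assumption: unlisted lookalike name
    return findings

# Constructed sample inventory (not taken from a real device).
SAMPLE = """\
package:com.android.chrome  installer=com.android.vending
package:com.bitkeep.wallet  installer=null
package:io.bitkeep.wallet  installer=null
package:com.bitkeep.wallet.beta  installer=null
"""

if __name__ == "__main__":
    for pkg, status in triage(SAMPLE, {LEGIT: "7.2.9"}).items():
        print(f"{status:18} {pkg}")
```
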

The Singapore-headquartered company, which was founded in 2018, said it has traced the wallet address used to carry out the theft and that some of the siphoned digital assets have been frozen.

Users who have downloaded the APK file for version 7.2.9 are advised to install the latest version (7.3.0) released today and transfer the funds to a newly generated wallet address.

This is not the first time BitKeep has been breached. On October 18, 2022, it disclosed another security incident targeting its BitKeep Swap service that led to losses of about $1 million.