Many crypto wallet users of Bitkeep reported that their wallets were emptied during Christmas after hackers initiated transactions that didn't require any verification.
Bitkeep is a multi-chain, multi-asset decentralized web3 wallet supporting over 30 blockchains, 76 mainnets and 20,000 decentralized applications. It’s used by over eight million people in 168 countries for asset management and transaction handling.
Bitkeep confirmed on Wednesday that hackers had used malicious fraudulent android apps to steal 8 million worth of digital currencies.
"With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," Kevin Como, CEO of BitKeep, described the incident as a "large-scale hacking incident."
Users who downloaded the trojanized APK package are recommended to move their funds to an official store after downloading the official apps from Google Play or App Store and create a new wallet address. The platform warns that any wallet addresses created using the malicious APK should be treated as compromised.
After a hacker exploited a vulnerability in BitKeep’s service in October 2022, the company promised to fully reimburse those impacted by the incident. However, since the current attacks result from users getting scammed by trojanized APKs, it’s unlikely that there will be any refunds.
PeckShield is a service that tracks unauthorized transactions. Since the attack is still ongoing, with the threat actors taking advantage of the holiday season causing delays in noticing the hacks and incidence response action, the losses are expected to grow.
The suspicious transactions spotted by PeckShield include 4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH.
For those who have fallen victim to the recent hack, we suggest that you reach out to Bitkeep support team to try to finding a solution in a timely manner.