Hackers attack yet another decentralized finance tool.
Bitkeep, a multi-chain Web3 decentralized finance (DeFi) wallet, was hacked and drained for over $8 million.
The news was first revealed by Bitkeep clients, which used Twitter to claim that their Bitkeep wallet had automatically transferred a certain amount of tokens when they were not using their wallet.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is an NFT? (Explained with Animations)
Shortly after that, on December 26th, Bitkeep took to its official Telegram group to confirm the news. The company revealed that “some APK package downloads have been hijacked by hackers and installed with code implanted” by malicious actors.
If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.
In the same message, Bitkeep asked its users to move their funds to wallets available on “another official store,” such as Google Play or App Store. On top of that, users were recommended to use a “newly created wallet address,” as the previous wallet address may be leaked to hackers.
Moreover, the affected users were asked to share relevant information on Google forms issued by Bitkeep.
Shortly after Bitkeep’s announcement, blockchain security firm PeckShieldAler took to Twitter to reveal that around $8 million worth of assets, such as Binance Coin (BNB), Ethereum (ETH), Tether (USDT) and Dai (DAI), were stolen.
Another blockchain analytics provider OKLink shared a report breaking down how exactly hackers exploited Bitkeep. The company stated that malicious actors had created several fake Bitkeep websites with APK files, which mimicked version 7.2.9 of the Bitkeep wallet.
By downloading the “update,” users unknowingly sent their private keys or seed words to the hackers.
OKLink claims that the attack was executed over five networks: Ethereum, BNB Chain, Polygon and Tron. It is worth noting that the hacker used BNB Chain bridges Nomiswap, Biswap and Apeswap to bridge tokens to Ethereum.
The company claims that the total transaction volume was around $31 million.