Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn’t require verification.
BitKeep is a decentralized multi-chain web3 DeFi wallet supporting over 30 blockchains, 76 mainnets, 20,000 decentralized applications, and more than 223,000 assets. It’s used by over eight million people in 168 countries for asset management and transaction handling.
While the platform has not released an official announcement on its website, it has informed the community on the official Telegram channel that the incident appears to have impacted users who downloaded an unofficial version of the BitKeep app.
“After a preliminary investigation by the team, it is suspected that some APK package downloads have been hijacked by hackers and installed with code implanted by hackers,” explains BitKeep’s announcement.
“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.”
Those who downloaded the trojanized APK package are recommended to move all their funds to the official store after downloading the official apps from Google Play or App Store, create a new wallet address and move all their funds to it.
The platform warns that any wallet addresses created using the malicious APK should be treated as compromised.
Finally, those who have fallen victim to the hacks are requested to fill out this form for BitKeep’s support team to try to offer a solution in a timely manner.
The suspicious transactions spotted by PeckShield include 4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH.
Since the attack is still ongoing, with the threat actors taking advantage of the holiday season causing delays in noticing the hacks and incidence response action, the losses are expected to grow.
In October 2022, BitKeep suffered a loss of roughly $1 million after a hacker exploited a vulnerability in the service that enabled them to perform arbitrary token swaps.
At that time, BitKeep promised to fully reimburse those impacted by the incident. However, since the current attacks result from users getting scammed by trojanized APKs, it’s unlikely that there will be any refunds.