- BitKeep lost more than $8 million to a DeFi exploit caused by malicious APK packages
- The BitKeep team assured compensation for users who have lost funds
BitKeep, a non-custodial wallet owned by popular crypto derivatives exchange Bitget, lost millions to a hack. Bitget becomes the latest crypto platform to fall victim to a DeFi exploit in 2022.
Behind-the-scenes…
As of 26 December, users on Twitter started reporting that their BitKeep wallet automatically transferred funds without their knowledge. Bitkeep soon acknowledged the suspicious transactions in their official telegram group.
The team reported that the malicious codes embedded by the perpetrators into APK package downloads were responsible for the exploit. The hackers reportedly hijacked the APK packages and modified them. These were subsequently downloaded by the wallet’s users.
“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked” the team stated.
Hackers siphoned off more than $8 million
According to data gathered by on-chain analytics firm PeckShield, the hackers managed to get away with more than $8 million worth of crypto assets. According to the OKLink data monitor, this included 4373 BNB, 5.4 million USDT, 196,000 DAI, and 1233 ETH.
Furthermore, Web3 security firm Supremacy Inc reported that the perpetrator behind BitKeep’s hack was mixing the exploited crypto assets through SideShift and FixedFloat. These are both platforms that provide swap easy services. Furthermore, the hacker also transferred 652 BNB and 70,000 DAI using these platforms so far.
The BitKeep team, as of this writing, was investigating this attack and warned its users to transfer their funds into other credible wallets downloaded from Google Play and App store.
Users have also been asked to submit any relevant information related to the hack, though a Google form. The team clarified that users who have lost funds due to this hack will be compensated by the BitKeep Security Fund.
