HQ/EMEAFind out how we can help your business
The crypto owners who used the BitKeep apps reported that their funds were missing from their wallets during the holidays after an attacker executed numerous transactions that did not require verification.
BitKeep is a DeFi wallet, a decentralised multi-chain web3 that could support more than 30 blockchains, 20,000 decentralised applications, 223,000 assets, and 76 mainnets. Over eight million individuals utilise BitKeep in 170 countries for transaction handling and asset management.
The platform has yet to release an official announcement addressing the incident on its website. However, it has notified its community on the Telegram channel that the attack appears to have affected users who installed an unofficial version of the BitKeep application.
A BitKeep representative explained that after their preliminary investigation, they suspected some APK package downloads had been hijacked by threat actors and installed with code implanted by them.
Furthermore, the spokesperson addressed their users that if their funds are stolen, their downloaded application or update might be an unknown or unofficial app version.
Users should remove the trojanised BitKeep apps on their devices to avoid attackers hijacking them.
Admins of the crypto wallet urged users to move all their funds from the trojanised BitKeep apps to the official store after downloading the legitimate apps from Google Play or App Store. Additionally, users should create a new wallet address and transfer all their funds to it.
The platform also noted that any wallet addresses developed through the malicious APK should be treated as hostile since it is not from their official website or store.
Lastly, users are requested by the wallet to fill out a form for BitKeep’s support team if they have fallen victim to the hacks since they could offer a solution if there is one.
BitKeep has yet to determine the amount of money lost during the attack, but a transaction tracking service reported that the campaign stole nearly $8 million worth of assets.
The attack is still operational; hence, the threat actors could take advantage of the holiday season and cause delays in notifications regarding the hacks, which could also affect the security response.
Experts believe the losses could grow if responsible individuals do not deal with the campaign soon.
