The BitKeep exploit that occurred on December 26 used phishing sites to trick users into downloading fake wallets, according to a report from the blockchain analytics provider OKLink.
The report claims that the attacker created several fake BitKeep websites that contained an APK file that looked like version 7.2.9 of the BitKeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker.
【12-26 #BitKeep Hack Event Summary】
1/n According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.
—OKLink (@OKLink) December 26, 2022
The report does not say how the malicious file stole user keys in an unencrypted form. However, it is possible that it simply asked users to re-enter their seed words as part of the “update”, which the software could have recorded and sent to the attacker.
Once the attacker had the users’ private keys, they drained all the assets into five wallets under their control. From there, they tried to withdraw some of the funds using centralized exchanges: 2 ETH and 100 USDC were sent to Binance, and 21 ETH was sent to ChangeNOW.
The attack occurred on five different networks: BNB Chain, Tron, Ethereum, and Polygon. BNB Chain’s Biswap, Nomiswap, and Apeswap bridges were used to bridge some of the tokens to Ethereum. In total, more than $13 million worth of cryptocurrency was stolen in the attack.
It is not yet clear how the attacker convinced users to visit the fake websites. The official BitKeep website provided a link that sent users to the official Google Play Store page for the app, but it does not contain any APK files for the app.
The BitKeep attack was first reported by PeckShield at 7:30am UTC. At the time, it was blamed on an “APK version hack”. This new OKLink report suggests that the hacked APK came from malicious sites and that the developer’s official website was not compromised.