Decentralized multi-chain crypto wallet BitKeep confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users’ digital currencies.
The incident included the threat actor exploiting and hijacking version 7.2.9 of the Android app package (.APK) file hosted on its website to distribute the trojanized variant. An estimated $9.9 million worth of assets have been stolen so far.
Describing it as a “large-scale hacking incident”, BitKeep CEO Kevin Como said, “With maliciously implanted code, the altered APK led to the leak of user’s private keys and enabled the hacker to move funds.” The firm further stated, “Funds stolen are on BNB Chain, Ethereum, TRON and Polygon. More than 200 addresses on the other three chains were used in the heist, and all funds were transferred to 2 main addresses in the end.”
As many as five different counterfeit versions of the Android app have been identified, suggesting that the apps were potentially distributed through phishing websites. The legitimate package name is “com.bitkeep.wallet”. Users who have downloaded the APK file for version 7.2.9 are advised to install the latest version (7.3.0) and transfer the funds to a newly generated wallet address.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
