8 million stolen by hackers from BitKeep users using trojanized BitKeep applications

Many BitKeep cryptocurrency wallet owners reported their accounts were empty during Christmas because hackers had initiated transactions that did not require verification.

BitKeep, a multi-chain decentralized web3 DeFi wallet, supports over 30 blockchains and 76 mainnets. It also has 20,000 decentralized apps, more than 223,000 assets, as well as support for more than 2233,000 decentralized assets. BitKeep is used in asset management, transaction handling and more than eight million other uses across 168 countries.

Although the platform did not make an announcement via its website, they informed the community through the that users who had downloaded the BitKeep app unofficially were affected by the incident.

BitKeep announced that it was suspected that APK packages downloaded by some hackers were hijacked and infected with malware.

If your funds have been stolen, you may find that the app or update you downloaded is an unofficial version.

After downloading trojanized APK packages, it is recommended that all users move their money to the official shop.

Platform warns that wallet addresses made using malicious APK should not be considered compromised.

Finaly, anyone who has fallen prey to hacks is asked to to allow BitKeep’s support staff to provide a prompt solution.

BitKeep does not know how much was stolen by these hackers, however, transaction tracking service that about $8 million in assets were taken.

PeckShield spotted suspicious transactions including 4373 $BNB and 5.4M USDT. There were also 196k $DAI and 1233.21$ETH.

The attack continues, and the threat actors are taking advantage of holidays to delay detection of hacks. Incidence response action is also delayed, so losses will continue to increase.

BitKeep lost approximately $1 million in October 2022 when a hacker exploited an issue that allowed them to do arbitrary token swaps.

BitKeep had promised that they would fully compensate all those who were affected by the incident. It’s highly unlikely that any refunds will be made, as the recent attacks were caused by users being scammed using trojanized APKs.