BitKeep logo displayed on a smartphone screen.

New report sheds light on BitKeep hack over the holidays

As investigators try to unravel the unfortunate hack of BitKeep wallet during the holidays, new research has uncovered further information surrounding the event.

On-chain analytics firm OKLink released a report showing the modus operandi employed by the attacker. According to the report, the attacker created multiple fake sites for BitKeep users to update their wallet apps to the latest versions.

Unknown to the victims, the APK file served from the site was a malicious build rigged to steal users' seed phrases. At the moment it is unclear exactly how the seed phrases were obtained, but there is speculation that users were prompted to enter their seed phrases to complete the "update."

The result was the draining of nearly $13 million worth of digital assets, which OKLink claims were funneled through five wallets. The report confirmed that the attack involved four chains: Binance Smart Chain (BSC), Ethereum (ETH), Tron (TRX), and Polygon (MATIC). It also revealed that BNB Chain bridges were used to move a number of the assets to Ethereum.

“The reason for this massive theft is that hackers have hijacked the latest installation package 7.2.9 with the following version, and users are advised to transfer funds immediately,” read OKLink’s report.

After the heist, the attacker attempted to cash out by sending a portion of the funds to the digital asset exchanges Binance and ChangeNOW. Of these, 2 ETH and 200 USDC were sent to Binance, while 21 ETH went to ChangeNOW; it is not yet clear whether Binance has confiscated the virtual currencies.

Investigators are still trying to understand how the attacker convinced victims to visit the external site containing the rigged APK file. BitKeep’s statement confirmed that its developer’s official website had not been breached, claiming that the APK was the work of bad actors.

This is not the first time BitKeep has been hacked. In October, the wallet lost $1 million worth of BNB after its token swap feature was breached.

Riddled with big hacks

2022 has been characterized by jarring security breaches that have led to the loss of billions' worth of digital assets. Ronin Network's $625 million hack will be indelible in the minds of industry enthusiasts, given the sheer size of the loot, outstripping Wormhole Bridge's exploit.

Other exploits that sent the ecosystem into a frenzy include Nomad Bridge’s $190 million hack, Beanstalk Farms’ $182 million exploit, and Wintermute’s loss of $162 million to bad actors.

Several reports have pointed accusing fingers at North Korean hacking groups as being responsible for some of the industry’s largest security breaches.
