Singapore-based decentralized multi-chain crypto wallet, BitKeep, confirmed on Wednesday that it was the target of a cyberattack that resulted in the theft of an estimated $9.9 million worth of digital assets. The attack, which took place on December 26, 2022, allowed threat actors to distribute fraudulent versions of BitKeep’s Android app in an effort to steal users’ digital currencies.
Details Of The Attack
The CEO of BitKeep, Kevin Como, has stated that the attack was a “large-scale hacking incident” in which malicious code was implanted into the Android app package (.APK) file uploaded on the BitKeep website. Due to the compromised APK, the hacker was able to steal users’ private keys and transfer their cash. Moreover, BitKeep tweeted that the stolen funds were from BNB Chain, Ethereum, TRON, and Polygon. All monies were moved to just two addresses. However, over two hundred addresses on the other three chains were used in the attack.
PeckShield, a blockchain security business, and OKLink, a multi-chain blockchain explorer, have both independently verified the incident and its estimated value in stolen funds. Users who have already downloaded the Android app’s APK file for version 7.2.9 were not affected by the assault. Users who installed the software from a source other than Google Play, the App Store, or the Chrome Web Store were safe.
Counterfeit Versions Of The Android App
The following package names have been found to be used by at least five distinct fake versions of the Android app:”com.bitkeep.app,” “com.bitkeep.w4,” “com.bitkeep.w5,” “com.bitkeep.wallet5,” and “io.bitkeep.wallet.”
These apps were potentially distributed through phishing websites and had a different package name from the legitimate app, which is “com.bitkeep.wallet.” Users should be wary of these fake apps and should only download the official app from reliable sources.
Response to the Attack
In response to the attack, BitKeep has traced the wallet address used in the theft and has frozen some of the stolen digital assets. The company advises users who have downloaded the APK file for version 7.2.9 to install the latest version (7.3.0) released on Wednesday and transfer their funds to a newly generated wallet address. This will ensure that their funds are secure and that they are not at risk of further theft.
But this isn’t the first time that’s happened. BitKeep has been hacked. Another security breach affecting the BitKeep Swap service and costing the company over $1 million was reported on October 18, 2022. The need to preserve digital assets and remain watchful against cyber threats is highlighted.
Importance Of Secure Crypto Wallets
The cyberattack on BitKeep highlights the ongoing threat of hackers targeting crypto wallets and the importance of taking steps to secure digital assets. It is recommended that users only download apps from trusted sources, such as Google Play, Apple App Store, or the Google Chrome Web Store, and to regularly update their apps to ensure that they have the latest security measures in place. It is also important for users to protect their private keys and to regularly monitor their accounts for any suspicious activity.
There are several steps that users can take to protect their crypto assets, including using a hardware wallet, enabling two-factor authentication, and using strong and unique passwords. It is also recommended to avoid storing large amounts of digital assets in online wallets and to use a diverse range of wallets for different assets. This can help to mitigate the risk of a single point of failure and can make it more difficult for hackers to access all of a user’s assets.
In addition to taking individual steps to secure their assets, it is important for users to stay informed about the latest security threats and must be conscious of the dangers of storing digital assets. This includes keeping up to date with software updates and security patches, as well as being cautious of phishing attacks and other forms of online fraud.
Past Incidents Of Cyber Attacks Targeting Crypto Assets
There have been several high-profile cyber attacks targeting crypto assets in recent years. In 2021, for example, the Ethereum-based crypto wallet, MyEtherWallet, was the target of a phishing attack that resulted in the theft of approximately $150,000 worth of digital assets. In 2019, the Canadian cryptocurrency exchange, QuadrigaCX, faced significant financial difficulties after the sudden death of its founder, who was the only person with access to the company’s cold storage wallets. As a result, an estimated $190 million worth of digital assets were lost.
These types of incidents serve as a reminder of the risks associated with storing digital assets and the importance of taking steps to secure them. By using secure wallets, enabling two-factor authentication, and staying informed about the latest security threats, users can significantly reduce their risk of falling victim to a cyber attack. It is also important for users to diversify their holdings and not store large amounts of assets in a single wallet or exchange. This can help to mitigate the risk of a single point of failure and can make it more difficult for hackers to access all of a user’s assets.
The cyberattack on BitKeep serves as a reminder of the importance of taking steps to secure digital assets and to be vigilant in protecting against cyber attacks. By only downloading apps from trusted sources, enabling two-factor authentication, and regularly updating software, users can significantly reduce their risk of falling victim to a cyber attack. It is also important to protect private keys and to regularly monitor accounts for any suspicious activity. By taking these precautions, users can help to ensure the safety and security of their digital assets.