BitKeep CEO Said More Users’ Private Keys Still Vulnerable After Exploit

BitKeep CEO urged users who downloaded the BitKeep 7.2.9. APK malware to transfer all their assets immediately.

Based on a December 27 letter posted on Chinese blockchain news publisher Odaily.com, Kevin Como, the anonymous CEO of BitKeep warned that users’ private keys are still at risk after an unwanted security incident on December 26 resulted in more than $13 million in losses at the time of writing. BitKeep is among the most popular noncustodial, decentralized finance multichain wallets with at least 6 million users. Particularly, Como wrote:

“This was a large and atrocious hacker attack incident. The BitKeep APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped by the hacker, and as a result, some users already installed the APKs that were planted malware by the hackers, leading to a leak of users’ private keys.”

Como urged the users who had already downloaded the Android APK 7.2.9 to ensure that they transfer all their digital assets to a new wallet. The crypto executive wrote:

“It is probable that [these wallets] already had their private keys leaked.”

In terms of progress, Como insisted that the BitKeep team has already been in direct contact with blockchain security companies, like SlowMist, to help trace the stolen funds. He said:

“We have actively collected information about users’ stolen assets, made a complete recollection of hacking procedures and timeline, and have collected evidence of the Android 7.2.9 APK malware.”

Web3 data analytics company OKLink first reported on December 26 that the attacker set up multiple fake BitKeep websites that had an APK file that resembled version 7.2.9 of the BitKeep wallet. Users who downloaded and interacted with the malicious file then had all their private keys or seed words stolen and sent to the attacker.

【12-26 #BitKeep Hack Event Summary】
1/n

According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.

— OKLink (@OKLink) December 26, 2022