The BitKeep developers confirmed that some APK package downloads have been hijacked by attackers and installed by users.
While most people are still enjoying the holiday season, hackers are hard at work, draining nearly $8 million in a continuing BitKeep wallet exploit.
On December 26, some users of the multichain crypto wallet BitKeep reported that their funds were getting drained and transferred while they were not using their wallets. On other official Telegram groups, the BitKeep team confirmed that some APK package downloads have been hijacked by some attackers and have been installed with code that was implanted by the hackers. They wrote:
“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.”
As the hack continues, the BitKeep team urged its users to transfer their funds to a wallet that came from official sources like the Apple App Store and Google Play.
Besides that, the team also urged the community members to use newly set up wallet addresses as their previous addresses may already be “leaked to hackers.” To help with these investigations, the BitKeep team urged the affected users to submit the relevant materials via a Google form they provided.
Buy Bitcoin Now#PeckShieldAlert #BitKeep reported that several users' funds were stolen, the official stated that possibly due to downloading a hacked APK version
∼$8M worth of assets have been stolen so far, including ~4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH pic.twitter.com/ZdomZGFWRO— PeckShieldAlert (@PeckShieldAlert) December 26, 2022
One of the suspected hacker wallet addresses already has over $5 million in digital assets. While the amount exploited is not yet final and the attackers are still stealing funds using multiple wallet addresses, blockchain security and analytics company PeckShield highlighted that there has been over $8 million in Tether (USDT), Binance Coin (BNB), DAI, and Ether (ETH) stolen so far.
On October 17, the BitKeep wallet also suffered an exploit with the hacker stealing over $1 million worth of BNB. The exploit was executed via a service that enabled token swaps. The wallet company suspended the service and pledged to fully reimburse all the affected users.