Decentralized multi-chain crypto wallet BitKeep finally conceded that it had suffered a cyberattack, after days of trying to assuage news of hacking. However, the company reiterated that there is no security issue on its official app.
“In the past 2 days, I have led the team to take a series of countermeasures to protect our users from further losses and pinpoint the root cause of this mishap,” BitKeep CEO Kevin Como said in an open letter that assured that the company is “actively working to recover user losses”.
“We have made some progress so far: We managed to trace the addresses used in the theft and some of the stolen funds are frozen.”
The letter did not mention the value of crypto assets lost, the type of attack, or the perpetrators.
BitKeep breach: Cause and damage
Since the news of possible hacking came out on Monday, the company has been blaming the use of unauthorized wallets.
“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked,” said the company’s announcement on Telegram.
“However, if you have downloaded 7.2.9 APK on website or updated it to this version via website or in the app, I’d like to urge you to download a new app via the official store, generate a new wallet address and move your funds, because there’s a chance that your private key is leaked due to this hijacked APK in question.”
Security firm Hacken estimates that around $6 million worth of crypto assets have been stolen in the ongoing attack, with the primary addresses being a Binance Smart Chain wallet and an Ethereum wallet.
1. For now approximately ∼$6M worth of assets have been stolen
But the attack is still ongoing and the attacker is directly transferring users assets to multiple addresses
— Hacken🇺🇦 (@hackenclub) December 26, 2022
Not the first at BitKeep
In October, BitKeep announced a compensation after it came to light that a cybercriminal stole $1 million worth of Binance Coin (BNB) tokens from BitKeep’s token swap service and transferred the funds through Tornado Cash, a privacy tool approved by the U.S. government.
In response to the attack, BitKeep froze its token swap service and announced plans to introduce a wallet safety assurance feature with a one-tap repair option.
“BitKeep will launch a compensation portal within 3 working days for all victims to apply for refund,” said the company’s announcement on October 18. “BitKeep will compensate 100% of your stolen assets.”