
The Bitkeep exploit that occurred on Dec. 26 used phishing sites to fool users into downloading fake wallets, according to a report by blockchain analytics provider OKLink.
The report stated that the attacker set up several fake Bitkeep websites which contained an APK file that looked like version 7.2.9 of the Bitkeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed phrases were stolen and sent to the attacker.
【12-26 #BitKeep Hack Event Summary】1/n
According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.
— OKLink (@OKLink) December 26, 2022
The report did not say how the malicious file stole the users’ keys in an unencrypted form. However, it may have simply asked the users to re-enter their seed phrases as part of the “update,” which the software could have logged and sent to the attacker.
Once the attacker had users’ private keys, they unstaked all assets and drained them into five wallets under the attacker’s control. From there, they tried to cash out some of the funds using centralized exchanges: 2 Ether (ETH) and 100 USD Coin (USDC) were sent to Binance, and 21 ETH were sent to Changenow.
The attack occurred across five different networks: BNB Chain, Tron, Ethereum and Polygon, and BNB Chain bridges Biswap, Nomiswap and Apeswap were used to bridge some of the tokens to Ethereum. In total, over $13 million worth of crypto was taken in the attack.
It is not yet clear how the attacker convinced users to visit the fake websites. The official website for BitKeep provided a link that sent users to the official Google Play Store page for the app, but it does not carry an APK file of the app at all.
The BitKeep attack was first reported by Peck Shield at 7:30 am UTC. At the time, it was blamed on an “APK version hack.” This new report from OKLink suggests that the hacked APK came from malicious sites and that the developer’s official website has not been breached.