On December 27, China-based blockchain news publisher Odaily.com published by According to a letter, Kevin Como, BitKeep’s anonymous CEO, warned that users’ private keys are still at risk after a security incident on Dec. BitKeep is one of the most popular non-custodial, decentralized finance multi-chain wallets with over 6 million users. Como used the following statements on the subject:
“This was a wide-ranging and horrific hacker attack. BitKeep APK 7.2.9 (Android Package Kit) installation package was hijacked and modified by the hacker. As a result, some users had installed malware-embedded APKs by the hackers. and this led to users’ private keys being leaked.”
Como has warned users who have already downloaded Android APK 7.2.9 to transfer their digital assets to a new wallet. “It is likely that the private keys of these wallets have already been leaked,” the crypto executive said.
Como explained that the BitKeep team is in contact with blockchain security companies like SlowMist to track down the stolen funds, adding, “We actively gathered information about users’ stolen assets, evidence of Android 7.2.9 APK malware, and a complete hacking procedures and timeline. ,” said.
Web3 data analytics firm OKLink reported yesterday that the attacker first set up several fake BitKeep websites containing an APK file similar to version 7.2.9 of the BitKeep wallet. The private keys or recovery words of users who downloaded and interacted with the malicious file were stolen and sent to the attacker.
【12-26 #BitKeep Hack Event Summary】
1/nAccording to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.
— OKLink (@OKLink) December 26, 2022