Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
According to PeckShield's report, popular cryptocurrency wallet BitKeep reported that several users lost their funds after contacting a compromised APK version of the application. Hackers were able to steal $8 million worth of assets, including more than 4,000 BNB, $5.4 million USDT, around 200,000 DAI and 1,233 ETH.
Attack directions
It is not yet clear where the compromised APK originated and what was the source of most downloads. However, some users reported that they have been personally contacted by suspicious accounts in social media platforms like Twitter, where scammers urged them to download the BitKeep wallet.
#PeckShieldAlert #BitKeep reported that several users' funds were stolen, the official stated that possibly due to downloading a hacked APK version
— PeckShieldAlert (@PeckShieldAlert) December 26, 2022
∼$8M worth of assets have been stolen so far, including ~4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH pic.twitter.com/ZdomZGFWRO
However, links spread on Twitter were nothing but phishing tools. After opening it and downloading a hacked APK file, users' devices were compromised, and crypto thieves got access to all funds sent on addresses set in the application.
After reaching a certain download threshold, hackers decided to "withdraw" funds on compromised wallets and made a bankrun. As for now, most of the funds are concentrated on one address owned by hackers.
It is important to check the source of downloaded APKs every time you work with cryptocurrency wallets, trading platforms or any other applications that include payments, wallets or any other tools that require you to deposit funds.
If you are a BitKeep user, make sure to check the source of the APK you used to install the wallet, and if it seems suspicious, move all of your funds away from the wallet to some other commonly used storage or hardware wallet. Alternatively, you can send funds to any trusted exchange like Binance temporarily, until finding a better solution for keeping funds.