According to PeckShield's report, popular cryptocurrency wallet BitKeep reported that several users lost their funds after contacting a compromised APK version of the application. Hackers were able to steal $8 million worth of assets, including more than 4,000 BNB, $5.4 million USDT, around 200,000 DAI and 1,233 ETH.
Attack directions
It is not yet clear where the compromised APK originated and what was the source of most downloads. However, some users reported that they have been personally contacted by suspicious accounts in social media platforms like Twitter, where scammers urged them to download the BitKeep wallet.
#PeckShieldAlert #BitKeep reported that several users' funds were stolen, the official stated that possibly due to downloading a hacked APK version
— PeckShieldAlert (@PeckShieldAlert) December 26, 2022
∼$8M worth of assets have been stolen so far, including ~4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH pic.twitter.com/ZdomZGFWRO
However, links spread on Twitter were nothing but phishing tools. After opening it and downloading a hacked APK file, users' devices were compromised, and crypto thieves got access to all funds sent on addresses set in the application.
After reaching a certain download threshold, hackers decided to "withdraw" funds on compromised wallets and made a bankrun. As for now, most of the funds are concentrated on one address owned by hackers.
It is important to check the source of downloaded APKs every time you work with cryptocurrency wallets, trading platforms or any other applications that include payments, wallets or any other tools that require you to deposit funds.
If you are a BitKeep user, make sure to check the source of the APK you used to install the wallet, and if it seems suspicious, move all of your funds away from the wallet to some other commonly used storage or hardware wallet. Alternatively, you can send funds to any trusted exchange like Binance temporarily, until finding a better solution for keeping funds.
Alex Dovbnya
Denys Serhiichuk
