The latest vulnerability to affect a decentralized banking network has seen more than $8 million worth of cryptocurrencies stolen from the wallets of BitKeep users in what appears to be a cyberattack. Online market watcher Cointelegraph said on Monday that BitKeep users have complained on social media about their funds being transferred without their involvement. Transfers were still being made at the time of the report, so the amount could be larger. It is also unknown whether there was only one or more attackers involved in the hack.
The number of affected users is yet to be determined. BitKeep, which is based in Singapore, claims to have more than 6.3 million users.
Among the cryptocurrencies stolen are Binance Coin, Ether, Tether and Dai. The wallet of one suspected hacker now contains about $5 million, said BitKeep. A wallet is used by an account holder to securely store cryptocurrency.
BitKeep confirmed the breach in a Telegram post, after a “preliminary investigation”.
“It is suspected that some APK package downloads have been hijacked by hackers and installed with code implanted by hackers,” it said, referring to Android package kit, the file format used on Google’s mobile operating system.
“If your funds are stolen, the application you download or update may be an unknown version [unofficial release version] hijacked.”
Decentralised finance, or DeFi, is based on blockchain technology. It is considered to be a safer way to conduct transactions, with the potential to replace middlemen, such as brokers and banks, in the financial system.
However, the growing scale of blockchain, cryptocurrencies and DeFi is attracting criminal activity. Cryptocurrencies tracked by Chainalysis yielded total transactions worth $15.8 trillion in 2021, up almost sevenfold from 2020.
Money laundering, market manipulation and online theft have been identified as the biggest threats globally to decentralised finance on Web3, Chainalysis has said.
Theft rose in parallel as crypto-based crime reached its highest level in 2021, with illicit addresses receiving $14 billion over the course of the year, almost double the $7.8 billion recorded in 2020, the New York-based blockchain platform has reported.
In March, more than $600 million was stolen from Ronin Network, a side chain built for the play-to-earn game Axie Infinity.
Android package kits can be downloaded from the internet and installed on Android devices. As they do not come from the official Google Play Store, they carry serious security risks, such as viruses and malware that can be used to steal sensitive user data.
Monday’s report also comes a little over two months after BitKeep suffered a similar breach, in which one hacker stole about $1 million worth of Binance Coin.
Users — particularly those using APK versions of their wallets — have been urged by BitKeep to transfer their funds to its app from Google Play or Apple’s App Store, and create new wallet addresses to safeguard their digital assets.
The company has also provided an online form that users can use to report illicit activity, and has said it will “figure out the solution and assist as soon as possible”.
BitKeep is active in 168 countries, with transactions of more than $500 billion, according to its website.
About Author
