"BitKeep Confirms Cyberattack, Loses Over $9 Million in Digital Currencies"

Decentralized multi-chain crypto wallet BitKeep recently confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies.  BitKeeps CEO Kevin Como stated that with maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds.  The CEO described the incident as a "large-scale hacking incident."  According to blockchain security company PeckShield and multi-chain blockchain explorer OKLink, an estimated $9.9 million worth of assets have been plundered so far.  BitKeep stated that the funds stolen are on BNB Chain, Ethereum, TRON, and Polygon.  BitKeep found that more than 200 addresses on the other three chains were used in the heist, and all funds were transferred to 2 main addresses in the end.  The incident is said to have taken place on December 26, 2022, with the threat actor exploiting and hijacking version 7.2.9 of the Android app package (.APK) file hosted on its website to distribute the trojanized variant.  The company noted that the digital break-in doesn't impact BitKeep apps downloaded via Google Play, Apple App Store, or the Google Chrome Web Store.  The company said it had traced the wallet address used to carry out the theft and that some of the siphoned digital assets have been frozen.  Users who have downloaded the APK file for version 7.2.9 are advised to install the latest version (7.3.0) released today and transfer the funds to a newly generated wallet address.

The Hacker News reports: "BitKeep Confirms Cyberattack, Loses Over $9 Million in Digital Currencies"