Crypto Wallet Bitkeep Pinpoints Malicious APK Packs for $8M Exploit

Crypto Wallet Bitkeep Pinpoints Malicious APK Packs for M Exploit

Multi-chain crypto wallet BitKeep today reported a hacking incident that resulted in users losing approximately $8 million in various cryptocurrencies.

The project’s team said the preliminary investigation points to some APK package downloads being hijacked and installed with malicious code injected by hackers.

APK, which stands for Android Package, is the file format that Android uses to distribute and install apps. APKs are often available outside of Google Play and allow users to install apps on their Android phones from third-party sources, which in turn can lead to higher security risks.

“If your money is stolen, the application you download or update may be an unknown version (unofficial release version) hijacked,” the BitKeep team wrote in its official Telegram group.

BitKeep also advised those users who downloaded the APK version to transfer their funds to the wallet downloaded from the App Store or Google Play. Ideally, users are advised to do this using a newly created wallet address, as the addresses created through the malicious APK may have been leaked to hackers.

$8 million was allegedly drained from Bitkeep

Security company PeckShield, meanwhile, has Assumed the total amount of stolen funds to be around 8 million dollars in various digital assets.

Although some Twitter users question this version of events, reporting cases of funds stolen from the officially downloaded wallets, Singapore-based BitKeep has redoubled its preliminary investigation.

“Today’s theft incident is mainly due to the hijacking of the 7.2.9 APK. If users are using the APK version, it is very likely that it is not the official version. So we have already allowed users to transfer the money to the BitKeep Chrome plug-in wallet as soon as possible, or to the app downloaded from the official store, and create a new wallet address,” said a Bitkeep spokesperson. Decryptadding that “there is no problem” with the app downloaded from the official App Store or Google Play.

See also  "Astrix is ​​going to be the glue between different cloud services."

In a separate report, security firm Hacken said around $6 million in crypto assets have been stolen, adding that “the attack is still ongoing and the attacker is transferring users’ assets directly to multiple addresses.”

According to Hacken, primary addresses of stolen funds have been identified as a Binance Smart Chain wallet and an Ethereum wallet, with the latter seeing two large outgoing transactions worth 709 Ethereum (about $865,000) and 504 Ethereum (about $615,000) respectively.

This is not the first hacking incident targeting BitKeep this year, with the wallet suffering an exploit in October that resulted in the loss of $1 million in Binance Coin (BNB) tokens.

Stay up to date on crypto news, get daily updates in your inbox.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *