BitKeep is a decentralized platform for crypto trading. The company was founded in 2018 by Kevin Como. BitKeep has its own wallet app which users can buy, sell and store various crypto assets. BitKeep also allows you to swap various tokens and do NFT trading or storing.
In early December, BitKeep tweeted about a new security update that is designed to protect user assets. But a few weeks later, on December 26, one of BitKeep’s users asked the company why 0.05 BNB was automatically withdrawn from his wallet to an unknown location while he was sleeping.
Of course, this was not the only case when money from BitKeep user's wallet was transferred elsewhere. The following day, BitKeep announced a summary of the hacker attack. As it turned out, hackers were able to inject malicious code into the APK file of the BitKeep application.
According to the BitKeep team, the losses from the attack totalled approximately $8 million. Some of the stolen funds were tracked and frozen.
The target of the attacks were the BNB Chain, Ethereum, TRON and Polygon chains.
The malicious code automatically sent user's tokens to the hacker's addresses. After that, all the stolen funds were swapped to USDT to the amount of 8,989,011.
Two days after the attack, the CEO of BitKeep, Kevin Como, wrote an open letter to users in which he wrote about the attack, apologized for the incident and promised that the BitKeep team would do everything possible to fix this error and avoid a repeated incident in the future.
“The whole BitKeep team and I are pulling all strings we can and going to great lengths to recover the stolen assets. This and compensating the victimized users are our top priorities now. We also have a new security strategy planned to restructure and upgrade our technical solution as security is the cornerstone of the whole BitKeep business. If you have suffered any loss in this incident, we’re very sorry. But please don’t worry, because I assure you that we will give you a satisfying solution.”
The year has been a bonanza for hacker attacks. As a solution, some experts recommend to keep funds in non-custodian wallets. This will increase security but there is always a risk that you lose the wallet itself or the seed-phrase. The industry is evolving and many new hybrid solutions are coming into the arena. We will keep observing their development.