On the 26th of December, BitKeep, the multi-chain crypto wallet, reported a hacking incident that resulted in losing millions of dollars in various cryptocurrencies its users. Regarding the reason behind this hack, the team crypto wallet claimed that their preliminary investigation pointed to some malicious APK package downloads that were hijacked by hackers. According to a report from PeckShield, a security company, the total amount of funds stolen from the hack at BitKeep is around $8 million in various digital assets. These digital assets include 4373 BNB, 196k DAI, 5.4M USDT, and 1233.21 ETH.
APK, Android Package, is the file format that Android mobile uses to distribute and install apps. And the APK files outside Google Play allow users to install apps on their Android phones from third-party sources, which may result in higher security risks. And here, in BitKeep’s hack case, this same happened when the users of the crypto wallet installed the app from third-party sources. In a statement on its official Telegram group, the crypto wallet team wrote that If your funds are stolen, the application you download or update may be an unknown version, an unofficial release version, or a hijacked one.
BitKeep also advised the users that download the APK version to transfer their funds to the wallet downloaded from Google Play or App Store that this may also result in higher security risks. The firm also advised users that they should do this process through a newly-created wallet address because addresses made through the malicious APK may have been leaked to hackers.
However, some users are reporting that their funds are stolen from the officially downloaded wallets, due to which BitKeep has doubled down on its primary investigation. According to a report from Decrypt, a spokesperson from BitKeep told that today’s hacking incident is mainly due to the hijacking of the 7.2.9 APK. If users are using the APK version, likely, it is not the official version, the spokesperson added.
The spokesperson said that we have already let users transfer the funds to the BitKeep Chrome plug-in wallet or the app downloaded from the official store, as soon as possible. There is no problem with the app downloaded from the official Google Play or App Store, the spokesperson added.