BitKeep is a decentralized cross-chain wallet for cryptocurrencies, supporting more than 30 blockchains, 20,000 decentralized applications, and more than 223,000 assets. It is used by more than 8 million people in 168 countries to manage assets and process transactions.
While the platform did not make an official announcement about the incident on its website, it did inform its users via its official Telegram channel that the incident may have affected users who downloaded an unofficial version of the BitKeep app.
“After an initial investigation conducted by the team, it is suspected that hackers compromised some (app-specific) APK downloads and installed malicious code in them,” the BitKeep announcement read. Note that APK is an Android Package or Android Package Kit and is used to distribute applications for installation on Android devices from outside the official application stores.
BitKeep added: “If your money has been stolen, the app you are downloading or updating may be an unknown version (unofficial version) hacked.”
Those who downloaded a hacked APK file are advised to transfer all their funds to the official store after downloading the official apps from the Google Play Store and App Store, and then create a new wallet address to transfer all their funds to.
The platform warns that any wallet address generated using a malicious APK should be treated as compromised. Those who have fallen victim to the hack are requested to fill out this form for the BitKeep support team to try to provide a timely solution.
BitKeep did not specify how much money was lost due to these breaches, but transaction tracking service PeckShield reported that nearly $8 million in assets have been stolen so far.
As the attack continues, with hackers taking advantage of the holiday season, causing delays in noticing the breach and incident response actions, losses are expected to increase.
Last October, BitKeep suffered a loss of nearly $1 million after a hacker exploited a vulnerability in the service that enabled him to make random coin swaps. At the time, BitKeep promised to fully compensate those affected by the incident.
However, since the current attacks result from users being scammed by hacked APKs, it is unlikely that there will be any refunds.