BitKeep exploiter used phishing websites to lure in customers: Report

by Jeremy December 26, 2022

The Bitkeep exploit that occurred on Dec. 26 used phishing websites to idiot customers into downloading faux wallets, in accordance to a report by blockchain analytics supplier OKLink.

The report said that the attacker arrange a number of faux Bitkeep web sites which contained an APK file that seemed like model 7.2.9 of the Bitkeep pockets. When customers “up to date” their wallets by downloading the malicious file, their personal keys or seed phrases have been stolen and despatched to the attacker.

【12-26 #BitKeep Hack Occasion Abstract】
1/n

In line with OKLink information, the bitkeep theft concerned 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and whole Txns quantity reached $31M.

— OKLink (@OKLink) December 26, 2022

The report didn’t say how the malicious file stole the customers’ keys in an unencrypted type. Nonetheless, it might have merely requested the customers to re-enter their seed phrases as a part of the “replace,” which the software program might have logged and despatched to the attacker.

As soon as the attacker had customers’ personal keys, they unstaked all property and drained them into 5 wallets underneath the attacker’s management. From there, they tried to money out among the funds utilizing centralised exchanges: 2 ETH and 100 USDC have been despatched to Binance, and 21 ETH have been despatched to Changenow.

The assault occurred throughout 5 completely different networks: BNB Chain, Tron, Ethereum, and Polygon, and BNB Chain bridges Biswap, Nomiswap, and Apeswap have been used to bridge among the tokens to Ethereum. In whole, over $13 million price of crypto was taken within the assault.

Associated: Defrost v1 hacker reportedly returns funds as ‘exit rip-off’ allegations floor

It’s not but clear how the attacker satisfied customers to go to the faux web sites. The official web site for BitKeep supplied a hyperlink that despatched customers to the official Google Play Retailer web page for the app, however it doesn’t carry an APK file of the app in any respect.

The BitKeep assault was first reported by Peck Defend at 7:30 a.m. UTC. On the time, it was blamed on an “APK model hack.” This new report from OKLink means that the hacked APK got here from malicious websites, and that the developer’s official web site has not been breached.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

BitKeep exploiter used phishing websites to lure in customers: Report

Jeremy

Palau reportedly companions with Ripple to launch nationwide stablecoin

Solana’s High NFT Tasks DeGods and Y00ts to Migrate Chains