BitKeep’s CEO Says, Some Users’ Private Keys Are Still Vulnerable
The blockchain executive advised BitKeep 7.2.9 APK malware downloaders to move their assets promptly.
The anonymous CEO of BitKeep, Kevin Como, stated in a letter published on the Chinese blockchain news website Odaily.com on December 27 that customers’ private keys are still in danger following a security issue on December 26 that resulted in losses of over $13 million at the time of publishing. With more than 6 million users, BitKeep is one of the more well-known noncustodial, decentralized financial multichain wallets. Como specifically stated:
“This was a large and atrocious hacker attack incident. The BitKeep APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped by the hacker. As a result, some users already installed the APKs that were planted malware by the hackers, leading to a leak of users’ private keys.”
Como recommended customers move their digital assets to a different wallet if they have already downloaded the Android APK 7.2.9. The crypto executive stated that it is likely that [these wallets] already had their private keys exposed.
Como detailed the work made, saying that the BitKeep team has already been in touch with SlowMist and other blockchain security companies to track down the cash taken. He said, “We have aggressively gathered data on consumers’ assets taken, prepared an exhaustive account of hacking techniques and timeframe, and gathered data on Android 7.2.9 APK virus.
The Web3 data analytics company OKLink initially revealed yesterday that the attacker created several phony BitKeep websites that contained an APK file that seemed to be BitKeep wallet version 7.2.9. Private keys or seed words were then taken from users who downloaded and interacted with the infected file and provided to the attacker.
According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.
