According to a letter posted on Chinese blockchain news publisher Odaily.com on Dec. 27, Kevin Como, the anonymous CEO of BitKeep, warned that users’ private keys are still at risk after a security incident on Dec. 26 led to over $13 million in losses at the time of publication. BitKeep is one of the more popular non-custodial, decentralized finance multi-chain wallets, with over 6 million users. Specifically, Kevin wrote:
“This was a large and atrocious hacker attack incident. The BitKeep APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped by the hacker, and as a result, some users already installed the APKs that were planted malware by the hackers, leading to a leak of users’ private keys.”
Kevin urged users who had already downloaded the Android APK 7.2.9 to transfer their digital assets to a new wallet. “It is probable that [these wallets] already had their private keys leaked,” the crypto executive wrote.
In terms of progress, Kevin explained that the BitKeep team has already been in contact with blockchain security firms such as SlowMist to trace the stolen funds. “We have actively collected information about users’ stolen assets, made a complete recollection of hacking procedures and timeline, and have collected evidence of the Android 7.2.9 APK malware,” he stated.
Web 3.0 data analytics firm OKLink first reported yesterday that the attacker set up several fake BitKeep websites which contained an APK file that looked like version 7.2.9 of the BitKeep wallet. Users who downloaded and interacted with the malicious file then had their private keys or seed words stolen and sent to the attacker.
【12-26 #BitKeep Hack Event Summary】1/n
According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.
— OKLink (@OKLink) December 26, 2022