BitKeep-2.md

BitKeep

• Amount Lost: $8,000,000.00
• Funds Returned: $0.00
• Category: Other
• Date: 2022-12-26

Quick Summary

Some users of the multi-chain wallet BitKeep had downloaded a hacked APK version. This allowed the hackers to start draining their addresses. Current losses reached $8M.

Details of the Exploit

Users that were using the hacked version 7.2.9 of the BitKeep’s APK have been losing their funds.

The APK has been hacked due to a vulnerability in the API server used by the wallet app. This allowed the attacker to access the app’s database, which held critical user information such as private keys of their wallets.

Funds have been stolen on BSC, Ethereum, TRON and Polygon.

**Block Data Reference **

The attacker addresses:

https://bscscan.com/address/0x36225a2721DCb124F3E185d3c177049813b279ba

https://etherscan.io/address/0x9f12243d60c301d4e01a3d24bb620e8ffb40f855

Proof Links:

• https://cointelegraph.com/news/hackers-drain-8m-in-assets-from-bitkeep-wallets-in-latest-defi-exploit
• https://twitter.com/CertiKAlert/status/1607253110254182401
• https://twitter.com/BitKeepOS
• https://twitter.com/BitKeepOS/status/1607666304714158081?cxt=HHwWgsDRnZD_yc8sAAAA