Hackers are attempting to cash out after exploiting popular crypto wallet BitKeep over the weekend.
In a tweet on Monday, blockchain security firm Supremacy Inc. alerted users to a series of transactions that show the BitKeep Wallet hackers transferring stolen funds through SideShift and FixedFloat, two coin-swapping services that don’t require users to give information about their identities.
The ongoing exploit was confirmed by BitKeep on Dec. 26, with the team saying in a Telegram message it suspected some APK package downloads had been hijacked by hackers.
An APK package, or Android Package, refers to the file format that allows users to install apps on their Android devices. In this case, BitKeep believes that the hackers implanted malicious code in the APK package that users may have unknowingly downloaded in an update.
BitKeep later confirmed to Decrypt that the 7.2.9 APK was the compromised update, and it was extremely likely that any user running that version was at risk of losing their funds. The firm advised all users to immediately transfer funds to the BitKeep Chrome plug-in wallet or the app downloaded from the official store and to create a new wallet address.
Security firm PeckShield estimated the total amount of funds stolen so far to be around $8 million.
#PeckShieldAlert #BitKeep reported that several users' funds were stolen, the official stated that possibly due to downloading a hacked APK version
~$8M worth of assets have been stolen so far, including ~4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH pic.twitter.com/ZdomZGFWRO
— PeckShieldAlert (@PeckShieldAlert) December 26, 2022
On-chain data platform OK Link found that the hackers moved the stolen coins across four different blockchains to 50 different addresses. OK Link found that the value of the hackers’ transfers since the time of the exploit was $31 million – a significantly higher number than estimates from earlier in the day.
According to OK Link, the theft involved Binance Smart Chain, Ethereum, Tron and Polygon.
BitKeep has yet to officially confirm the amount of cryptocurrency stolen from users of its crypto wallet.