BTC

$62399.465

-1.68%

ETH

$3013.392

-2.16%

BNB

$577.987

-1.91%

XRP

$0.523

-3.30%

News

BitKeep Exploiter Enticed Customers By Phishing Websites

December 26, 2022 - Around 2 mins mins to read

Key Points:

  • The attacker created fake Bitkeep websites that each hosted an APK file that seemed to be Bitkeep wallet version 7.2.9.
  • Five networks were affected by the attack: BNB Chain, Tron, Ethereum, Polygon, and BNB Chain bridges.
According to research by blockchain analytics vendor OKLink, the Bitkeep vulnerability that happened on December 26 employed phishing sites to trick users into installing fraudulent wallets.
BitKeep Exploiter Enticed Customers By Phishing Websites

The attacker created a number of fictitious Bitkeep websites that each hosted an APK file that seemed to be Bitkeep wallet version 7.2.9. Users’ private keys or seed words were taken when they “updated” their wallets by downloading the malicious file, and they were delivered to the attacker.

Previously, Coincu reported that on-chain data services provider OKLink has made public the total loss that was caused by the BitKeep hack, which is close to $31 Million with 50 different hacker addresses.

The malicious software grabbed the users’ keys in an unencrypted form, although the report did not specify how. As part of the “upgrade,” it may have only required the customers to re-enter their seed words, which the program could have recorded and forwarded to the attacker.

After obtaining users’ private keys, the attacker unstacked all assets and transferred all funds to five wallets under their command. From there, they attempted to withdraw part of the money via centralized exchanges: 2 Ethereum (ETH) and 100 USDC were sent to Binance, and 21 ETH were sent to Changenow.

BitKeep Exploiter Enticed Customers By Phishing Websites

Five networks were affected by the attack: BNB Chain, Tron, Ethereum, Polygon, and BNB Chain bridges. Some of the coins were connected to Ethereum via the bridges Biswap, Nomiswap, and Apeswap. The hack resulted in the theft of cryptocurrency valued at over $13 million in total.

How the attacker persuaded visitors to access the bogus websites is still unclear. The official Google Play Store page for BitKeep has a link that directs people there, but it does not include an APK file for the program at all.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Thana

Coincu News

bitkeep

BNB Chain

Crypto wallet BitKeep

TRON

Avatar of Thana

Author

Thana

I am a news editor at Coincu, where I produce daily editorial packages and manage the knowledge and review article sections. Before journalism, I earned a Bachelor's degree in Global Logistics and Supply Chain Management from Northampton University and studied news journalism at Press Association Training.
News

BitKeep Exploiter Enticed Customers By Phishing Websites

Key Points:

  • The attacker created fake Bitkeep websites that each hosted an APK file that seemed to be Bitkeep wallet version 7.2.9.
  • Five networks were affected by the attack: BNB Chain, Tron, Ethereum, Polygon, and BNB Chain bridges.
According to research by blockchain analytics vendor OKLink, the Bitkeep vulnerability that happened on December 26 employed phishing sites to trick users into installing fraudulent wallets.
BitKeep Exploiter Enticed Customers By Phishing Websites

The attacker created a number of fictitious Bitkeep websites that each hosted an APK file that seemed to be Bitkeep wallet version 7.2.9. Users’ private keys or seed words were taken when they “updated” their wallets by downloading the malicious file, and they were delivered to the attacker.

Previously, Coincu reported that on-chain data services provider OKLink has made public the total loss that was caused by the BitKeep hack, which is close to $31 Million with 50 different hacker addresses.

The malicious software grabbed the users’ keys in an unencrypted form, although the report did not specify how. As part of the “upgrade,” it may have only required the customers to re-enter their seed words, which the program could have recorded and forwarded to the attacker.

After obtaining users’ private keys, the attacker unstacked all assets and transferred all funds to five wallets under their command. From there, they attempted to withdraw part of the money via centralized exchanges: 2 Ethereum (ETH) and 100 USDC were sent to Binance, and 21 ETH were sent to Changenow.

BitKeep Exploiter Enticed Customers By Phishing Websites

Five networks were affected by the attack: BNB Chain, Tron, Ethereum, Polygon, and BNB Chain bridges. Some of the coins were connected to Ethereum via the bridges Biswap, Nomiswap, and Apeswap. The hack resulted in the theft of cryptocurrency valued at over $13 million in total.

How the attacker persuaded visitors to access the bogus websites is still unclear. The official Google Play Store page for BitKeep has a link that directs people there, but it does not include an APK file for the program at all.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Thana

Coincu News

Visited 60 times, 1 visit(s) today