2022-12-29
On December 26th, BitKeep warned their users they
found the cyber-attack that trying to attract members to download or update
unofficial APK package downloads.
Dear
BitKeepers, today’s currency theft incident is mainly due to the hijacking of
7.2.9 APK. If you are using the APK version, it is very likely that it is not
the official version. So please transfer the funds to BitKeep Chrome plug-in
wallet as soon as possible, or the app downloaded from the official store, and
create a new wallet address and keep your mnemonic phrase safe.
ref. BitKeep Wallet on Twitter
Due to attackers
creating several fake Bitkeep websites, which contained APK files that looked
like Bitkeep wallet version 7.2.9. Their wallets, by
downloading malicious files, their private keys, or seed words, will also be
stolen and sent to attackers.
As reported,
funds were stolen on 5 different chains, namely: BNB Chain, Tron, Ethereum, and
Polygon, over 200 addresses according to the other 3 chains were taken in the
thieving, and all funds that were heisted will be transferred to 2 main
addresses at the end. Moreover, they were lost over 8 million in digital currencies
for this Hijacked APK App so far.
ref. PeckShieldAlert on Twitter
5 The hijacked APK versions are:
7.2.9 com.bitkeep.w4
7.2.9 com.bitkeep.wallet5
7.2.9 io.bitkeep.wallet
7.2.9 http://com.bitkeep.app
7.2.9 com.bitkeep.w5
Picture credit: Link
