Hackers have taken this holiday as a season to mastermind so many illicit attacks, while others are resting, they have been launching out. Multi-chain Web3.0 Decentralized Finance (DeFi) wallet BitKeep has been exploited and drained of about $8 million, based on analysis from blockchain security firm PerkShield.
According to reports from users of the wallets, their accounts automated transfers of different cryptocurrencies which were held in them ranging from BNB, Ethereum (ETH), United States dollar-pegged stablecoin Tether (USDT), Dai (DAI), and others. To avoid additional exploitation, BitKeep has advised its users to transfer their funds to Google Play or Apple App store which have wallets with official sources.
For them to achieve this, they would need a newly created wallet address since the hackers are now in possession of their former address created via the corrupt APK. Furthermore, the Web3.0 DeFi platform affirmed that some APK package downloads have been hijacked by some attackers and have been installed with code that was implanted by hackers.
BitKeep Blames Unofficial APK for Attack
This APK which is an acronym for Android Package is a file format that allows Android users to allocate and install applications. Owing to the fact that usually such installations are done from a third-party source, higher security checks are carried out most of the time.
On its official Telegram page, BitKeep wrote “If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.”
A BitKeep representative said “Today’s theft incident is mainly due to the hijacking of 7.2.9 APK. If users are using the APK version, it is very likely that it is not the official version. So we have already let users transfer the funds to BitKeep Chrome plug-in wallet as soon as possible, or to the app downloaded from the official store, and create a new wallet address.”
Several community members doubt this piece of explanation submitted by BitKeep. They are still of the opinion that even the officially downloaded wallets have been victims of the attack. BitKeep is still insistent and has emphasized that there is nothing wrong with the officially downloaded wallets.