More than $8 million worth of cryptocurrency was stolen from BitKeep users’ wallets in an apparent cyberattack, the latest exploit to hit a decentralized financial network.
BitKeep users reported via social media that their funds were being transferred without any activity on their part, online industry tracker Cointelegraph reported Monday.
The number could be higher as the transfers were still taking place at the time of the report, and it is also unclear if the breach was by a single attacker or multiple.
The number of affected users has yet to be determined. Singapore-based BitKeep claims to have more than 6.3 million users.
Stolen cryptocurrencies include Binance Coin, Ether, Tether, and Dai. A suspected hacker’s wallet now contains around $5 million, BitKeep said. An account holder uses a wallet to safely store cryptocurrency.
BitKeep confirmed the breach in a Telegram post, after a “preliminary investigation.”
“Hackers are suspected of hijacking some APK package downloads and installing hacker-implanted code,” he said, referring to the Android package, the file format used in Google’s mobile operating system.
“If your funds are stolen, the app you download or update may be an unknown version [unofficial release version] kidnaped.”
Decentralized finance, or DeFi, is based on blockchain technology. It is considered a safer way to transact, with the potential to replace intermediaries such as brokers and banks in the financial system.
However, the growing scale of blockchain, cryptocurrencies, and DeFi is attracting criminal activity. Cryptocurrencies tracked by Chainalysis returned total transactions worth $15.8 trillion in 2021, almost seven times more than in 2020.
Money laundering, market manipulation and online theft have been identified as the biggest global threats to decentralized finance on Web3, Chainalysis said.
Theft increased in parallel as cryptocurrency-based crime hit its all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, nearly double the $7.8 billion recorded in 2020. , the New York-based blockchain platform reported.
In March, more than $600 million was stolen from the Ronin Network, a sub-network created for the play-to-win game. infinity axis.
Android package kits can be downloaded from the Internet and installed on Android devices. Since they do not come from the official Google Play store, they carry serious security risks such as viruses and malware that can be used to steal sensitive user data.
Monday’s report also comes just over two months after BitKeep suffered a similar breach, in which around $1 million worth of Binance Coin was stolen by a hacker.
BitKeep has urged users, particularly those using APK versions of their wallets, to transfer their funds to their app from Google Play or the Apple App Store, and create new wallet addresses to safeguard their digital assets.
The company has also provided an online form that users can use to report illegal activity and has said that it will “figure out the solution and help as soon as possible.”
BitKeep is active in 168 countries, with transactions of more than $500 billion, according to its website.
