In December 2022, BitKeep users reported transactions from their accounts when they were not using the service. Further investigation revealed malicious code inserted into the project’s applications that stole over $8 million from the project’s users.
Inside the Attack
BitKeep operates a cryptocurrency wallet that supports multiple different blockchains. As part of its services, BitKeep has a mobile app for Android devices.
After hearing reports from users of stolen funds, BitKeep personnel discovered that attackers had hijacked downloads of unofficial versions of the project’s Android apps downloaded from phishing sites. With access to these APK files, the attackers were able to modify the application’s functionality to insert malicious code. This malicious functionality stole private keys, allowing the attacker to perform transactions with the user’s blockchain accounts, stealing over $8 million from BitKeep users.
Lessons Learned From the Attack
The BitKeep hack demonstrates the importance of good security practices for crypto users. Official versions of the BitKeep app downloaded from the Google Play Store were unaffected, but sideloaded versions were infected. Validating the authenticity of websites and applications before entering sensitive information — such as private keys — is essential for crypto security.Crypto users face a wide variety of potential security threats. To learn more about protecting your blockchain accounts, check out our article on common types of crypto scams and reach out to our Web3 security experts anytime at halborn@protonmail.com.