BitKeep Wallet Hack — December 26, 2022
Overview
In December 2022, BitKeep users reported transactions from their accounts that were made while they were not using the service. Further investigation revealed that malicious code inserted into the project's applications had stolen over $8 million.
Attack Method
Attackers hijacked downloads of unofficial versions of the project's Android apps, which users obtained from phishing sites. With access to these APK files, the attackers modified the application to insert malicious code. That code stole private keys, allowing the attacker to perform transactions from the user's blockchain accounts.
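A modified APK has to be re-signed, and an attacker without the publisher's signing key cannot reproduce the original signing certificate. The following check is an added example, not BitKeep's code: it compares the certificate digest reported by `apksigner verify --print-certs` against a pinned value. The pinned digest, the sample outputs and the function names are constructed for illustration, and the output line format is an assumption about apksigner's standard single-signer output.

```python
import re
import subprocess

# Constructed placeholder: replace with the SHA-256 certificate digest the
# wallet vendor publishes for its release signing key.
PINNED_SHA256 = "ab" * 32

# Line format assumed from `apksigner verify --print-certs` output.
DIGEST_RE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)

# Constructed sample outputs (not taken from any real APK).
GENUINE = ("Signer #1 certificate DN: CN=Example Wallet\n"
           "Signer #1 certificate SHA-256 digest: " + "ab" * 32 + "\n")
REPACKAGED = ("Signer #1 certificate DN: CN=Android Debug\n"
              "Signer #1 certificate SHA-256 digest: " + "cd" * 32 + "\n")

def run_apksigner(apk_path):
    """Return apksigner's output for one APK ('' if verification fails)."""
    proc = subprocess.run(["apksigner", "verify", "--print-certs", apk_path],
                          capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else ""

def signer_digests(output):
    """Map signer number -> lowercase SHA-256 certificate digest."""
    return {int(n): d.lower() for n, d in DIGEST_RE.findall(output)}

def check_apk(output, pinned=PINNED_SHA256):
    """Return (ok, reason); ok only if every signer matches the pin."""
    digests = signer_digests(output)
    if not digests:
        return False, "no valid signer found (unsigned or failed verification)"
    bad = sorted(n for n, d in digests.items() if d != pinned.lower())
    if bad:
        return False, "unexpected signing certificate for signer(s) %s" % bad
    return True, "signing certificate matches the pinned publisher key"

if __name__ == "__main__":
    for name, out in (("genuine", GENUINE), ("repackaged", REPACKAGED)):
        print(name, check_apk(out))
```

To check a real file, pass `run_apksigner("wallet.apk")` to `check_apk`; an empty result is treated as a failure rather than as a pass.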
Stolen Assets
The stolen assets included:
• ~4,373 BNB
• 5.4M USDT
• 196k DAI
• 1,233.21 ETH
Response
BitKeep promised to fully reimburse affected users. The BitKeep team urged its users to transfer their funds to a wallet installed from official sources such as Google Play and the Apple App Store.
Additional Context
This was not the first hack targeting BitKeep in 2022, as the Web3 wallet suffered a similar incident in October, which resulted in the loss of $1M in assets.