Many users of the BitKeep wallet app have reported unauthorized outbound transfers of multiple types of cryptocurrency from their wallets during the late night of December 25th, and the early morning of December 26th. BitKeep supports over 30 different blockchains and is used by eight million people across the globe.
There is no official announcement of this attack on BitKeep’s website, though the company reached out to alert the community via its official Telegram channel. The announcement reports BitKeep’s suspicion that a trojanized version of their app has been distributed in the wild to unsuspecting users. While BitKeep themselves have not stated how much money has been stolen in this hack, a transaction tracking service called PeckShield estimates roughly eight million dollars have been stolen so far. The attack is still ongoing, and the amount stolen is expected to rise as users return from holiday. Refunds of stolen cryptocurrency are unlikely, as the attack relies on users downloading malicious apps themselves rather than there is a vulnerability in the platform itself.
BitKeep recommends that anyone who may have installed the trojanized app should first download the official app from a trusted source like the Google Play Store, create a new wallet, and transfer all funds to it before removing the malicious version of the app. Any wallets created via the malicious app should be treated as compromised.
In general, Binary Defense recommends only installing applications from the official app stores, such as Google Play for Android and the App Store for iPhone, where apps must pass various checks in order to be offered by the store.