Original wallet is safe to use, but you should be cautious when downloading APKs
according to peckshield report good, popular cryptocurrency wallet BitKeep reported that several users lost their funds after contacting a compromised APK version of the app. The hackers were able to steal $8 million worth of assets, including 4,000 BNB, $5.4 million USDT, nearly 200,000 DAI and 1,233 ETH.
Attack directions
It is not yet clear where the compromised APK originated and what was the source of most downloads. However, some users reported that they have been personally contacted by suspicious accounts in social media platforms like Twitter, where scammers urged them to download the BitKeep wallet.
However, the links spread on Twitter were nothing but a phishing tool. After opening it and downloading the hacked APK file, users’ devices were compromised, and crypto thieves gained access to all funds sent to addresses set up in the application.
After reaching a certain download threshold, hackers decided to “withdraw” funds on compromised wallets and made a bankrun. As for now, most of the funds are concentrated on one address owned by hackers.
Every time you work with a cryptocurrency wallet, trading platform, or any other application that involves payment, wallet, or any other device that requires you to store funds, verify the source of the downloaded APK. Checking in is important.
If you are a BitKeep user, make sure to check the source of the APK you used to install the wallet, and if it seems suspicious, move all of your funds away from the wallet to some other commonly used storage or hardware wallet. Alternatively, you can send funds to any trusted exchange like Binance temporarily, until finding a better solution for keeping funds.
