A mature approach by BlackRock to promoting its new spot ETF with an ad labelling Bitcoin simply as 'progress'.
Kelvin Como, the pseudonymous CEO of the decentralised wallet platform BitKeep has issued a warning to users that their private keys are at risk following a security incident on Boxing Day. According to a note posted on Chinese blockchain publisher Odaily, the incident has led to over $13 million in losses with wallets still at risk following the attack.
According to the letter, Como believes the incident is part of a major hack that led to the compromise of the wallets and data holding critical information about private keys. He wrote:
“This was a large and atrocious hacker attack incident. The BitKeep APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped by the hacker, and as a result, some users already installed the APKs that were planted malware by the hackers, leading to a leak of users’ private keys.”
In order to remedy this, Como has encouraged users who have already downloaded the Android Package Kit to transfer all of their associated digital assets to a new wallet address. This would help solve the risk that further wallets would have their private key and important information comprised. According to the CEO, it’s likely that the wallets of users that have downloaded the new APK have already had their private keys leaked.
According to data from analytics firm OKLink, the attacker set up a number of fraudulent BitKeep websites to manipulate users of BitKeep to download the fake APK. In its report, OKLink also noted that the hacker addresses have seen an inflow of over $7,500,000 in cryptocurrencies including DAI, BNB, and UDST.
In total, the hacker addresses transfer 13 tokens worth $13,235,464 and received a total of $7,513,110.
The most transferred address is the No. 1 address, the address transferred a total of 15 times and traded a total of 216,010 DAI 652BNB and 20,000 UDST.
— OKLink (@OKLink) December 26, 2022
Como also explained that the team behind the exchange have reached out to blockchain security firms already to try and track and recover the stolen funds. In his letter, Como noted: “We have actively collected information about users’ stolen assets, made a complete recollection of hacking procedures and timeline, and have collected evidence of the Android 7.2.9 APK malware.”