More than $8 million in cryptocurrency has been stolen from BitKeep users’ wallets in an apparent cyber attack, the latest exploit to hit a decentralized finance network.
BitKeep users reported on social media that their funds were being transferred without any activity on their end, according to online industry tracker Cointelegraph on Monday.
The amount could be higher because transfers were still being made at the time of the report, and it is also unclear whether the breach was caused by a single attacker or several.
The number of affected users has yet to be determined. BitKeep, based in Singapore, claims to have over 6.3 million users.
Binance Coin, Ether, Tether, and Dai are among the cryptocurrencies stolen. According to BitKeep, one suspected hacker’s wallet now contains approximately $5 million. An account holder uses a wallet to securely store cryptocurrency.
Following a “preliminary investigation,” BitKeep confirmed the breach in a Telegram post.
“It is suspected that some APK package downloads have been hijacked by hackers and installed with code implanted by hackers,” it said, referring to the file format used by Google’s mobile operating system, Android package kit.
“If your funds are stolen, the application you download or update may be an unofficial release version that has been hijacked.”
Blockchain technology underpins decentralized finance, or DeFi. It is thought to be a safer way to conduct transactions.
Money laundering, market manipulation, and online theft have been identified as the top global threats to decentralized finance on the Web3, according to Chainalysis.
Theft increased concurrently as crypto-based crime reached its peak in 2021, with illicit addresses receiving $14 billion over the course of the year, nearly double the $7.8 billion recorded in 2020, according to the New York-based blockchain platform.
More than $600 million was stolen in March from Ronin Network, a side chain created for the play-to-earn game Axie Infinity.
Android package kits are available for download from the internet and installation on Android devices. Because they are not from the official Google Play Store, they pose serious security risks, including viruses and malware that can be used to steal information.
Monday’s report also comes just over two months after BitKeep experienced a similar breach in which one hacker stole approximately $1 million in Binance Coin.
BitKeep has urged users, particularly those who use APK versions of their wallets, to transfer their funds to its app from Google Play or Apple’s App Store and create new wallet addresses to protect their digital assets.
The company has also provided an online form that users can use to report illicit activity, and has said it will “figure out the solution and assist as soon as possible”.
According to its website, BitKeep is active in 168 countries and has processed over $500 billion in transactions.