BitKeep CEO says some users' private keys remain at risk after exploit

According to a missive posted connected Chinese blockchain quality steadfast Odaily.com connected Dec. 27, Kevin Como, anonymous CEO of BitKeep, warned that users' backstage keys are inactive astatine hazard aft a security incident connected Dec. 26 led to implicit $13 cardinal successful losses astatine the clip of publication. BitKeep is 1 of the much fashionable non-custodial, decentralized concern multi-chain wallets with implicit 6 cardinal users. Specifically, Kevin wrote:

"This was a ample and atrocious hacker onslaught incident. The BitKeep APK 7.2.9 (Android Package Kit) installation bundle was hijacked and swapped by the hacker, and arsenic a result, immoderate users already installed the APKs that were planted malware by the hackers, starring to a leak of users' backstage keys."

Kevin urged users who had already downloaded the Android APK 7.2.9. to transportation their integer assets to a caller wallet. "It is probable that [these wallets] already had their backstage keys leaked." The crypto enforcement wrote.

In presumption of progress, Kevin explained that the BitKeep squad has already been successful interaction with blockchain information firms specified arsenic SlowMist to hint the stolen funds. "We person actively collected accusation astir users' stolen assets, made a implicit recollection of hacking procedures and timeline, and person collected grounds of the Android 7.2.9 APK malware," helium stated.

Web 3.0 information analytics steadfast OKLink first reported yesterday that attacker acceptable up respective fake Bitkeep websites which contained an APK record that looked similar mentation 7.2.9 of the Bitkeep wallet. Users who downloaded and interacted with the malicious record past had their backstage keys oregon effect words stolen and sent to the attacker. 

— OKLink (@OKLink) December 26, 2022