Posted on December 26, 2022 at 1:40 PM
Hacking exploits within the decentralized finance (DeFi) space have remained high despite the bear market. The latest exploit happened on the BitKeep wallet, where around $8 million worth of crypto assets was drained from user wallets.
BitKeep confirms $8M exploit
On December 26, users of BitKeep, a multichain cryptocurrency wallet, started complaining of unauthorized transactions in their wallets. These users noted that funds were being transferred and withdrawn from their wallets mysteriously.
The BitKeep team confirmed through its official Telegram group that an exploit had hit the wallet. The team noted that some of the APK package downloads had been compromised by hackers and replaced with code created by the hackers. It added that users who were missing funds from their wallets had downloaded or updated an application that was “an unknown version (unofficial release version) hijacked.”
The team later followed up with another update where it urged its users to transfer their funds to a wallet application that originated from trusted and official sources such as the Apple App Store and the Google Play Store.
The BitKeep team has also urged the community to use a new wallet address, noting that the previous wallet addresses could have been compromised. The team has also provided a Google form where affected users can submit relevant information to help with investigations into the breach.
PeckShield confirmed this exploit, citing the official response from BitKeep that explained that a breached APK version possibly caused the exploit. PeckShield also noted that the hacker had managed to steal $8 million worth of cryptocurrencies. The amount included 4,373 BNB tokens, 5.4M USDT, 196,000 DAI, and 1,233.21 ETH.
One of the wallet addresses suspected of belonging to the hacker has over $5 million worth of different cryptocurrencies. The amount the attackers have stolen from wallet addresses could be higher, as transactions were still ongoing, with the hacker moving funds to different wallet addresses.
This is not the first time that BitKeep has been exploited. In October, the wallet service provider confirmed another exploit that led to the attacker stealing $1 million in BNB tokens. However, unlike in the recent case, this exploit was not caused by a compromised APK. Instead, the exploit was done using a service that allowed token swaps. BitKeep halted the service and promised to reimburse users.
Exploits in the crypto space remain high
Exploits in the crypto space have remained high, with this month recording several exploits that have caused user losses. Besides BitKeep, Defrost Finance is another platform that has suffered an exploit lately. Over the weekend, Defrost Finance announced that both Defrost v1 and Defrost v2 were under investigation for a possible exploit.
The platform started the investigations after investors complained of losing their staked Avalanche (AVAX) and Defrost Finance (MELT) tokens held within their MetaMask wallets. The team later confirmed that Defrost v2 was affected by a flash loan attack.
Defrost Finance agreed to halt the operations of v2 and conduct further investigations into the matter. At the time, PeckShield said that the hacker had manipulated the share price of LSWUSDC, which led to the attacker making around $173,000. The report by PeckShield on the matter also revealed that a fake collateral token had been added, and current users were liquidated using a compromised price oracle. The losses were estimated to be more than $12 million.
The other exploit that has happened this month is on the Raydium decentralized exchange. The DEX suffered an exploit on December 16, with an official forum post from the platform revealing that the hacker managed to steal more than $2 million worth of cryptocurrencies after exploiting a vulnerability within the DEX’s smart contracts.
Raydium further noted that the attacker’s actions allowed admins to withdraw entire liquidity pools, despite the safeguards that had been put in place to prevent this from happening. The Raydium team has also devised a proposal to compensate the victims affected by the breach and make them whole.
The team plans to reimburse the affected users with its unlocked RAY tokens. However, the DEX does not have any tokens to compensate the victims. Therefore, it opened a governance vote asking the RAY holders to authorize the platform to use the funds in its decentralized autonomous organization (DAO) treasury to purchase the missing tokens and reimburse the affected users.