Multichain crypto wallet BitKeep has suffered a $1 million hack after an anonymous exploit of its swap feature on the BNB Chain.
Blockchain security company PeckShield was the first to report the hack, and recommended that users employ the ‘Revoke’ tool to halt any token allowances and avoid further damages.
The attacker has since transferred the stolen funds through Tornado Cash, an Ethereum-based, privacy focused fund mixer that was recently sanctioned by the U.S. government.
BitKeep has confirmed the attack, but revealed that they were able to stop the attacker by disabling the swap feature. The firm’s next steps wil be to “communicate and cooperate with major security agencies to track down the hackers and do our best to recover the stolen assets”.
BitKeep has also published a plan for reimbursing the victims, stating that it will launch a compensation portal within three working days. Affected users will be able to apply for a 100% refund.
The team behind the crypto wallet has also launched a wallet safety assurance feature, along with a one-tap repair feature.
BitKeep is one of the most popular crypto wallets on the market, boasting more than 6 million users worldwide, with most of its customer base residing in Asia.
Hacking Spree Continues
BitKeep joins the almost one dozen crypto projects that have been hacked during the month of October. According to Chainalysis, hackers have stolen more than $718 million in the first two weeks alone, which is enough to make October the most profitable month for crypto hackers.
Four attacks took place in an inauspicious event on October 11th, the worst of which took place on Mango Markets, a Solana-based decentralized protocol, as it was drained of $114 million after a hacker manipulated its token.
The hacker, who doxed himself as Avraham Eisenberg on Twitter, has since returned $67 million to the protocol, but kept $47 million as a bounty reward–one of the largest such rewards in crypto history.
Another victim was TempleDAO, a yield-farming DeFi protocol built on Ethereum, which lost over $2 million due to some technical discrepancies in the protocol.
Layer-1 blockchain QANplatform followed suit, suffering a bridge hack that resulted in the theft of more than $1 million. Hackers also attacked the Ethereum-based wallet service Rabby, which saw its Rabby Swap feature exploited and around $200,000 drained.
Prior to these attacks, Binance Chain (BNB) had also suffered a major hack. The event saw the perpetrator make away with an approximate $100 million worth of tokens after exploiting the BSC Token Hub—a cross-chain bridge between the BNB Smart Chain and the BNB Beacon Chain.
On the Flipside
- It’s unclear how the hacker was able to carry out the exploit.
- The refunds promised by BitKeep will not be automatic, and users will first be required to apply through a compensation portal to be considered.
Why You Should Care
The BitKeep exploit is just one of the dozen hacks that have occurred in October. Users should double-check if their funds are safe wherever they’re holding them.