Date: 2022-12-27

A report by blockchain analytics provider OKLink stated that the Bitkeep exploit on December 26, 2022, utilised phishing sites to trick users into downloading fake wallets, as reported by Cointelegraph.

According to Cointelegraph, the report said the attacker set up fake Bitkeep websites hosting an APK file that posed as version 7.2.9 of the Bitkeep wallet. It is believed that when users updated their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker.

According to Cointelegraph, the report did not state how the malicious file obtained the users’ keys in unencrypted form. However, it may have asked users to re-enter their seed words as part of the “update,” which the software could have logged and sent to the attacker. After obtaining users’ private keys, the attacker unstaked all assets and sent them to five wallets under the attacker’s control. The attacker reportedly tried to cash out some of the funds through centralised exchanges: 2 ETH and 100 USDC were sent to Binance, and 21 ETH were sent to Changenow.

It is believed that the exploit happened across five networks: BNB Chain, Tron, Ethereum, and Polygon. The BNB Chain bridges Biswap, Nomiswap, and Apeswap were used to bridge certain tokens to Ethereum. Cointelegraph also noted that more than $13 million worth of crypto was stolen in the attack.

