You are not alone if you thought 2022 was a terrible year for the crypto market.
There were so many cryptocurrency crashes last year, from Terra to FTX. To end the year with a bang, we have hacking incidents now.
On 26 December 2022, thousands of BitKeep users woke up to see their funds drained from their accounts. It was not a pleasant present to unwrap on Boxing Day.
Singapore-based crypto wallet provider BitKeep was hit by a hack on 26 December 2022. The hackers drained users’ cryptocurrency funds, resulting in over S$10 million stolen.
BitKeep has eight million crypto users from 168 countries on board. They did not disclose how many users were affected by the incident. So far, the number is suspected to be in the thousands.
Crypto coins stolen from this hack included BNB Chain, Ethereum, TRON and Polygon, according to BitKeep reports.
You may ask, how the heck did the hack happen? Read on to find out how the hackers did it.
How the Hack Happened
The hackers hijacked the latest BitKeep Android APK 7.2.9 files and inserted their own code. They then spread the files to unsuspecting users, who downloaded them onto their mobile devices.
BitKeep claims that funds were stolen from users who had downloaded the unofficial version of its wallet application. Users who had downloaded the application through official stores, such as Google Play or the iOS App Store, did not face this security breach.
The inserted code manipulated the application and enabled funds to be wired to the hackers’ accounts.
They then converted about S$10 million worth of crypto coins into Tether cryptocurrency.
You can read a summary of the hack by BitKeep here, where they summarise the 5W1Hs of the incident.
BitKeep CEO Responds
Two days after the hack, the CEO and Founder of BitKeep, Kevin Como, penned an open letter to all users on the company’s blog.
In the letter, Como emphasised that the BitKeep team is “pulling all strings [they] can” to recover the stolen assets. He also assured affected users that the team will be working to compensate them for their losses. Paying users is a “top priority” for him and his team at the current moment.
He also advised all users to update their application to version 7.3.0, made available on 28 December 2022, two days after the hack happened.
Past Hacking Incidents
It was not the first time BitKeep had encountered a hacking incident.
In October 2022, they were targeted through another security weakness, this time involving the on-chain swap feature for their tokens.
Usually, users create approvals for their transactions, which then authorise other parties to extract specific crypto tokens from their accounts. The hackers were able to authorise themselves to approve fund transfers from users’ wallets to their own.
This hack resulted in a loss of about S$1.3 million in funds.
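As an added example (not BitKeep's code and not taken from its reports), the following Python audits token approvals of the kind described above and reports those still in force for spenders the user does not recognise. It assumes ERC-20 style `Approval` event logs from an EVM chain in JSON-RPC `eth_getLogs` shape; the addresses, the allowlist and every log entry are constructed.

```python
# Added example; every address and log entry below is constructed sample data.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # allowances at or above this are effectively unlimited


def addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def audit_approvals(logs, trusted_spenders):
    """Return approvals still in force whose spender is not on the allowlist."""
    trusted = {s.lower() for s in trusted_spenders}
    current = {}  # (token, owner, spender) -> latest allowance seen
    for log in logs:  # assumed to be in chain order
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # other event, or ERC-721 Approval (4 topics)
        current[(log["address"].lower(), addr(t[1]), addr(t[2]))] = int(log["data"], 16)
    return [
        {"token": tok, "owner": own, "spender": sp, "unlimited": amt >= UNLIMITED}
        for (tok, own, sp), amt in current.items()
        if amt > 0 and sp not in trusted  # skip revoked and trusted entries
    ]


def _log(spender, amount, topic0=APPROVAL_TOPIC):
    """Build one constructed log entry in JSON-RPC eth_getLogs shape."""
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "topics": [topic0, pad(OWNER), pad(spender)],
            "data": "0x" + format(amount, "064x")}


TOKEN, OWNER = "0x" + "aa" * 20, "0x" + "11" * 20
SWAP_ROUTER, UNKNOWN, OLD_DAPP = "0x" + "22" * 20, "0x" + "33" * 20, "0x" + "44" * 20
SAMPLE_LOGS = [
    _log(SWAP_ROUTER, 2**256 - 1),        # unlimited, but to a trusted contract
    _log(UNKNOWN, 2**256 - 1),            # unlimited, to an unrecognised spender
    _log(OLD_DAPP, 1000),                 # limited approval ...
    _log(OLD_DAPP, 0),                    # ... later revoked
    _log(UNKNOWN, 5, topic0="0x" + "00" * 32),  # unrelated event, ignored
]

if __name__ == "__main__":
    for finding in audit_approvals(SAMPLE_LOGS, trusted_spenders=[SWAP_ROUTER]):
        print(finding)
```

Any approval this reports is one the owner should revoke or confirm; an unlimited allowance lets the spender move the whole token balance without further confirmation.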
BitKeep channels S$1.3 million as a seed fund to help safeguard its users’ assets. Part of that fund also goes to investing in security technology to protect accounts from being hacked.
Given the two hacking incidents in under three months, they should channel more financial resources to security technology.
They also promise compensation to users who suffered financial loss from hacking incidents due to BitKeep’s fault. Users are advised to email them within 30 days of the incident.
They are also reaching out to affected users, asking for their input about the incident on Google Forms.
Users’ Loss of Confidence in BitKeep
BitKeep users are unhappy about this incident, understandably so.
BitKeep users took to Twitter to voice their unhappiness about the hack.
Some users advised others not to use BitKeep for crypto transactions after the hack, suggesting the BitKeep wallet was unsafe.
BitKeep’s official Telegram group also saw many users lamenting that BitKeep’s credibility has gone down amidst compensation demands.
Some of them are also displeased about the crypto wallet’s security condition. With two hacks in under three months, it is no shocker that users question the defences BitKeep has against hackers.
BitKeep in Singapore
In Singapore, BitKeep is not a regulated crypto service under the Payment Services Act 2019. They had not applied for the scheme, even though they are Singapore-based and founded in 2018.
Singaporean users will not be protected against any losses incurred from unregulated services. Here is a list of 11 regulated crypto services here in Singapore.
Think twice before playing with fire.