BitKeep’s Swap Service Exploited for $1 Million

  • The attacker was able to make illegitimate swaps from BitKeep addresses that had approved tokens on the wallet’s Swap router on BSC and Polygon.
  • The platform noted it will launch a compensation portal within three days, and reimburse 100% of the tokens stolen from users.


Unknown attacker has targeted the token swap services of multi-chain crypto wallet BitKeep, and stolen roughly $1 million in BNB Chain and Polygon tokens, the platform said on Twitter on 18 October.

According to the announcement, the hacker exploited a security weakness that allowed him to make illegitimate swaps from BitKeep addresses that had approved tokens on the wallet’s swap router on BSC and Polygon. While the hacker was able to steal roughly $1 million in tokens, the BitKeep development team was able to quickly react to the incident, and suspended the Swap service to ensure no further assets were lost to the exploit.

The attacker has already routed the stolen tokens through the Tornado Cash crypto mixer in an attempt to obfuscate their origin. Hours after the incident, BitKeep’s development team launched a “Safety Assurance” feature that allowed users to quickly check whether their wallet address had any security risks caused by Swap transaction authorizations.

The platform has already contacted the relevant security agencies to help it track down the hacker, and recover the stolen assets. BitKeep noted that all affected users will have their tokens back, and that a compensation portal will be launched within 3 working days. The platform also promised to upgrade its security audit management and user safety measures on a “full scale” to provide users with real peace of mind.

This incident is the latest in a series of exploits that have made this month historically the most profitable for crypto criminals. Last week, blockchain analytics company Chainalysis revealed that more than $700 million had been stolen across 11 different hacks in the first two weeks of October, and that 2022 was turning out to be the biggest year for crypto crimes.

Related Coverage
Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
August 28, 2023, 1:55 PM


Kroll Data Breach Compromises FTX, BlockFi Customer Information
  • A cyber security incident at bankruptcy service provider Kroll has resulted in the exposure of “non-sensitive” customer data for claimants involved in the FTX and BlockFi cases.
  • Both companies confirmed that account passwords, systems, and funds remained safe, but warned customers to be on the lookout for phishing scams.
Terra Freezes Website, Warns Against Phishing Scams
  • Blockchain network Terra said its website was compromised by hackers over the weekend, and warned users against ongoing phishing scams.
  • The platform later froze its website to prevent the hackers from exploiting it, and reminded users to avoid websites with the domain for now.