BitKeep’s Swap Service Exploited for $1 Million

  • The attacker was able to make illegitimate swaps from BitKeep addresses that had approved tokens on the wallet’s Swap router on BSC and Polygon.
  • The platform noted it will launch a compensation portal within three days, and reimburse 100% of the tokens stolen from users.
bitkeep

Shutterstock

Unknown attacker has targeted the token swap services of multi-chain crypto wallet BitKeep, and stolen roughly $1 million in BNB Chain and Polygon tokens, the platform said on Twitter on 18 October.

According to the announcement, the hacker exploited a security weakness that allowed him to make illegitimate swaps from BitKeep addresses that had approved tokens on the wallet’s swap router on BSC and Polygon. While the hacker was able to steal roughly $1 million in tokens, the BitKeep development team was able to quickly react to the incident, and suspended the Swap service to ensure no further assets were lost to the exploit.

The attacker has already routed the stolen tokens through the Tornado Cash crypto mixer in an attempt to obfuscate their origin. Hours after the incident, BitKeep’s development team launched a “Safety Assurance” feature that allowed users to quickly check whether their wallet address had any security risks caused by Swap transaction authorizations.

The platform has already contacted the relevant security agencies to help it track down the hacker, and recover the stolen assets. BitKeep noted that all affected users will have their tokens back, and that a compensation portal will be launched within 3 working days. The platform also promised to upgrade its security audit management and user safety measures on a “full scale” to provide users with real peace of mind.

This incident is the latest in a series of exploits that have made this month historically the most profitable for crypto criminals. Last week, blockchain analytics company Chainalysis revealed that more than $700 million had been stolen across 11 different hacks in the first two weeks of October, and that 2022 was turning out to be the biggest year for crypto crimes.

Discussion
Related Coverage
FTX Owes Over $3B to Top 50 Creditors, Liquid Pauses All Trading
  • New bankruptcy court filings revealed that FTX owed its top 50 creditors around $3 billion, with sums ranging from $21 million and $226 million.
  • Japanese crypto exchange Liquid, which was acquired by FTX in May, suspended all trading on its platform only five days after pausing crypto and fiat withdrawals.
November 21, 2022, 12:08 PM
FTX

Shutterstock

FTX Bankruptcy Filing Says it May Have Over 1M Creditors
  • A new document filed with the bankruptcy court in Delaware shows that troubled crypto exchange FTX may have more than one million creditors.
  • FTX has also filed a motion to group its more than 100 entities that are filing for bankruptcy together, rather than treating them as individual cases.
FTX Hacked, Exchange Under Investigation in the Bahamas
  • Shortly after filing for bankruptcy on Friday, FTX experienced a hack that saw close to $500 million in tokens leaving the exchange.
  • The Bahamas Securities Commission and the Financial Crimes Investigation Branch of the police have launched an investigation into the exchange to check if any criminal misconduct took place in FTX.