BitKeep’s Swap Service Exploited for $1 Million

  • The attacker was able to make illegitimate swaps from BitKeep addresses that had approved tokens on the wallet’s Swap router on BSC and Polygon.
  • The platform noted it will launch a compensation portal within three days, and reimburse 100% of the tokens stolen from users.

An unknown attacker has targeted the token swap services of multi-chain crypto wallet BitKeep and stolen roughly $1 million in BNB Chain and Polygon tokens, the platform said on Twitter on 18 October.

According to the announcement, the hacker exploited a security weakness that allowed him to make illegitimate swaps from BitKeep addresses that had approved tokens on the wallet’s swap router on BSC and Polygon. While the hacker was able to steal roughly $1 million in tokens, the BitKeep development team was able to quickly react to the incident, and suspended the Swap service to ensure no further assets were lost to the exploit.

The attacker has already routed the stolen tokens through the Tornado Cash crypto mixer in an attempt to obfuscate their origin. Hours after the incident, BitKeep’s development team launched a “Safety Assurance” feature that allowed users to quickly check whether their wallet address had any security risks caused by Swap transaction authorizations.

The platform has already contacted the relevant security agencies to help it track down the hacker, and recover the stolen assets. BitKeep noted that all affected users will have their tokens back, and that a compensation portal will be launched within 3 working days. The platform also promised to upgrade its security audit management and user safety measures on a “full scale” to provide users with real peace of mind.

This incident is the latest in a series of exploits that have made this month historically the most profitable for crypto criminals. Last week, blockchain analytics company Chainalysis revealed that more than $700 million had been stolen across 11 different hacks in the first two weeks of October, and that 2022 was turning out to be the biggest year for crypto crimes.
