Hacker Loots $1M From Bitkeep’s Swap Router

Jethro Sandico

Oct. 18, 2022

Multi-chain crypto wallet BitKeep’s swap service was targeted by an unknown hacker on October 18, 2022. The attacker stole $1 million in $BNB tokens from the platform’s users.

“BitKeep Swap was hacked, and our development team has managed to contain the emergency and stopped the hacker. The attack was directed to the BNB Chain, causing a loss of about $1 million,” BitKeep stated.

According to reports, the hacker exploited the platform’s swap feature. The thief later routed the stolen funds through cryptocurrency tumbler Tornado Cash. This ploy intends to cover up their tracks and create confusion.

BitKeep Takes Action

BitKeep swiftly took action and suspended its Swap service. This ensures that the system will not experience further security breaches. The platform also launched a “wallet safety assurance” feature, along with a “one-tap repair” feature.

The company proceeded to contact major security agencies to help track down the perpetrators. They also assured reimbursement for users who suffered setbacks in the attack. In addition to that, the team promised rewards for individuals who can assist in identifying the hackers.

“BitKeep apologizes for the inconvenience caused. Please rest assured that all your assets in your BitKeep Wallet are safe. We’ll cooperate with security agencies in the industry to strengthen the security of BitKeep Swap & ensure the safety of users’ assets,” the team stated.

Furthermore, BitKeep has announced that a compensation portal is in the works. Within three working days, the platform will be available for all victims to apply for a refund. BitKeep assured their customers that the company will “compensate 100% of the stolen assets.”

What Exactly Happened?

The Block research director, data Igor Igamberdiev, explained that users who approved tokens to the BitKeep router lost $1.05 million. This includes accounts on the Binance Smart Chain, and Polygon. BitKeep swap contract’s lack of input validation created some vulnerabilities in the system. 

“When calling the router, the exploiter used token contracts and transferFrom() with the specific sender as a swap pool call,” Igamberdiev said. “I also recommend that you revoke approvals on other EVM chains if you have used this router in the last month, as there is a possibility for the attack to continue.”

October Attacks

BitKeep is not the only blockchain entity that hackers targeted this month. On October 7, well-known ecosystem the Binance Smart Chain, halted its operations after attackers took away $100 million from a user’s account. 

Moreover, Solana-based Decentralized Finance (DeFi) platform Mango Markets also lost $100 million, when hackers drained the exchange. The attack on Mango used collateral manipulation.

About BitKeep

BitKeep is a multi-chain cryptocurrency wallet. According to the company, the non-custodial wallet provides over 70 mainnets, 220,000 crypto assets, for six million users all over the globe.

“We believe the future of blockchains rely heavily on its underlying protocols. It’s important to provide people with the accessibility to these ecosystems where thousands of emerging decentralized projects are born,” BitKeep CEO Kevin Como stated in late-March 2022.

Stay up to Date

Subscribe to our newsletter: Web3 Gaming News and Research