Threat actors spent holidays hijacking APK package downloads, the Bitkeep team confirmed.
Users of the decentralized multi-chain crypto wallet Bitkeep reported their wallets automatically transferred funds off their accounts this weekend.
According to the official Bitkeep telegram channel, an investigation revealed that unidentified threat actors injected the system with likely malicious code.
“After preliminary investigation by the team, it is suspected that some APK package downloads have been hijacked by hackers and installed with code implanted by hackers,” Bitkeep said on Telegram.
According to the company, if users had their funds stolen, the app they downloaded might be an unofficial hijacked version of the real Bitkeep wallet app.
“Now for the safety of user funds, if you downloaded the APK version, please transfer the funds to the wallet downloaded from another official store,” the company said.
According to a blockchain security company PechShieldAlert, threat actors managed to steal millions of dollars in various cryptocurrencies. Researchers claim that crooks managed to siphon $8 million worth of Binance Coin, Ether, Tether, and Dai.
Researchers believe the overall amount of stolen funds may be even greater, but it is too early to tell at this moment.
Bitkeep is a Singapore-based decentralized finance (DeFi) company. DeFi is a blockchain-based technology that gained attention because it is considered a safer way to conduct transactions.
However, according to blockchain research firm Chainalysis, threat actors stole $3.2 billion worth of cryptocurrency in 2021 and $1.3 billion in only the first three months of 2022.
More from Cybernews:
Subscribe to our newsletter