Decentralized multichain wallet BitKeep lost $1 million on Oct. 17 to a hacker who exploited its swap features on the BNB chain.
Blockchain security company PeckShield first drew attention to the hack on Oct. 17 before BitKeep confirmed the event during the early hours of Oct. 18. The security company urged users to revoke approval to their wallet at the time of the hack.
It seems a swap/router (@BitKeepOS ?) is being exploited (w/ loss ~$1M): Please revoke:
(2) Connect your wallet
(3) Check Include unregistered tokens ..
(3) Search for 0x75eb..12de to see if any have approvals
(4) Revoke approval if exist
— PeckShield Inc. (@peckshield) October 17, 2022
BitKeep’s team respond
BitKeep stated that its development team was able to contain the attack, adding that the hacker was stopped before he inflicted more damage. Nevertheless, the team has decided to suspend its swap service to prevent future security issues and will work with major security agencies to track the hacker.
?1/4 ?About the #BitKeep Swap hacking incident and its solution:
Dear BitKeep Swap user, BitKeep Swap was hacked, and our development team has managed to contain the emergency. The hacker has been stopped. The attack happened on BNB Chain, causing a loss of about $1 million.
— BitKeep Wallet (@BitKeepOS) October 17, 2022
It continued that it would work to reimburse victims of the hack while promising anyone with information to track the hacker and recover the stolen funds a handsome reward.
“BitKeep sincerely apologize for the inconvenience caused. We will cooperate with security agencies in the industry to strengthen the security of BitKeep Swap and ensure the safety of users’ assets.”
The team further launched a Safety Assurance feature that allows users to check if their wallet is at a security risk caused by the Swap transaction.
BitKeep has launched a Safety Assurance feature for you to run a quick and thorough check to detect whether your wallet address has over-authorized DApps or has security risks caused by Swap transaction authorizations.
?Click the link to know more: https://t.co/0xImdRsMWz pic.twitter.com/wABYfUA08n
— BitKeep Wallet (@BitKeepOS) October 18, 2022
The recent exploit adds to the growing list of hacks the crypto space has seen this October.
According to a Chainalysis report, DeFi protocols have lost a combined $718 million from 11 hacks –around 30% of the $3 billion stolen in crypto hacks this year.
These hacks appear to be targeting DeFi bridges and swaps. Binance-backed BNB Chain lost around $100 million to a hacker who stole over $500 million from its cross-chain bridge. Mango Markets was exploited for $114 million, and DEX aggregator TransitSwap got hacked for more than $21 million through a bug in its internal swap contract.