BitKeep, a decentralised crypto wallet, became a victim of supply chain attack that resulted in the theft of over $9 million worth of digital currencies from its customers.
The attackers were able to hijacked BitKeep App 7.2.9 APK hosted on the company website, replaced with the malicious version that designed to steal digital assets, app installed via Google Play, iOS App Store, and Google Chrome are safe.
The hijacked APK versions are as follows:
- 7.2.9 com.bitkeep.w4
- 7.2.9 com.bitkeep.wallet5
- 7.2.9 io.bitkeep.wallet
- 7.2.9 http://com.bitkeep.app
- 7.2.9 com.bitkeep.w5.
Users who have downloaded the APK file for version 7.2.9 on the BitKeep website have to remove it and install the latest version (7.3.0). They have to transfer the funds to a newly generated wallet address.
The company is working with security teams to track the stolen funds and announced it has locked and frozen parts of the stolen tokens.
Earlier in October, the company suffered another security breach impacting its Swap service that caused losses of approximately $1 million.
Threat actors continue to target the cryptocurrency industry, yesterday BTC.com announced it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets.