Decentralized multi-chain wallet BitKeep lost $1 million on October 17th to hackers who abused the BNB chain’s swap functionality.
Blockchain security firm PeckShield first drew attention to the hack on October 17th, after BitKeep confirmed the event in the early hours of October 18th.
It seems to be a swap/router (@bitkeep OS ?) Exploited (lost ~$1M): Please cancel:
(2) Connect Wallet
(3) Check Include unregistered tokens.
(3) Search for 0x75eb..12de to see if there is authorization.
(4) Revoke approval if it exists
— PeckShield Inc. (@peckshield) October 17, 2022
BitKeep Team Responsible
BitKeep said its development team was able to contain the attack, adding that it stopped the hackers before they could do more damage. Nevertheless, the team decided to suspend the swap service to prevent future security issues, and worked with major security agencies to track down the hackers.
About 🧵1/4 🚨 # bit keep Swap hacking incident and its solution:
Dear BitKeep Swap users, BitKeep Swap was hacked, but the development team was able to contain the emergency. Hacker stopped. The attack occurred on his BNB chain, causing a loss of around $1 million.
— BitKeep Wallet (@BitKeepOS) October 17, 2022
It went on to promise to refund victims of the hack and promise substantial rewards to anyone with information to track down the hackers and recover the stolen funds.
“BitKeep apologizes for the inconvenience. We are working with industry security agencies to enhance the security of BitKeep Swap to ensure the safety of our users’ assets.”
The team has also launched a safety assurance feature that allows users to check if their wallets are exposed to security risks caused by swap transactions.
BitKeep has launched a safety assurance feature. This allows you to quickly and thoroughly check your wallet address for over-approved DApps or security risks caused by swap transaction approvals.
👉 Click the link for more information: https://t.co/0xImdRsMWz pic.twitter.com/wABYfUA08n
— BitKeep Wallet (@BitKeepOS) October 18, 2022
The recent exploit adds to the list of confirmed hacks in the crypto space this October.
Chainalysis reports that DeFi protocols lost a total of $718 million in 11 hacks. That’s about 30% of the $3 billion stolen in cryptocurrency hacks this year.
These hacks appear to target DeFi bridges and swaps. Binance-backed BNB chain lost about $100 million to a hacker who stole more than $500 million from his cross-chain bridge. Mango Markets was exploited for his $114 million and DEX aggregator TransitSwap had him hacked over $21 million due to a bug in an internal swap contract.