BitKeep CEO Open Letter: Fully committed to recovering user assets, swiftly proceeding with asset transfer

share
BitKeep CEO Open Letter: Fully committed to recovering user assets, swiftly proceeding with asset transfer

The multi-chain wallet BitKeep reported on Monday 26th that a large number of user assets were stolen, with preliminary investigations suggesting that the hacking may have been caused by the hijacking of some APK downloads. Yesterday, BitKeep issued a statement on its official Twitter account regarding the incident, and today the CEO of BitKeep also released a statement, promising to provide users with a satisfactory explanation.

Official Statement on BitKeep Hack Incident

A large-scale hacking incident occurred between 3-4 AM on 12/26, involving thousands of users and resulting in around $8 million being stolen.

Initial investigations suggest that the latest BitKeep 7.2.9 APK download package was compromised by hackers and injected with malicious code. Users who downloaded this unofficial version of the app had their assets stolen by hackers.

The compromised APK versions include:

  • 7.2.9 com.bitkeep.w4
  • 7.2.9 com.bitkeep.wallet5
  • 7.2.9 io.bitkeep.wallet
  • 7.2.9 com.bitkeep.app
  • 7.2.9 com.bitkeep.w5

The stolen funds are concentrated on the BNB chain, Ethereum, and Polygon.

A Letter from the CEO of BitKeep to Our Valued Users

Following the incident, BitKeep CEO Kevin addressed the current situation in a letter to our valued users. Here is the full text of his message:

Dear BitKeep Users:

It has been 40 hours since the hacking incident on 12/26. As the CEO of BitKeep, along with the entire technical team, we have been tirelessly working to resolve the issue. We are deeply saddened by the users affected by the attack and their losses. With the support of our users, the efforts of our technical team, and our partners, there have been some positive developments: we have frozen a portion of the hackers' funds, and the work to recover the remaining losses is in progress.

This is a massive and extremely malicious hacking incident. The BitKeep APK 7.2.9 installation package was compromised by hackers, leading to some users using an application package with implanted code that leaked their private keys. We once again urge all users to consider the security of your assets. If you downloaded and updated version 7.2.9 via Android APK, there is a high probability that your private keys have been compromised. Please transfer your assets to a newly generated wallet address as soon as possible.

Since the theft incident early yesterday morning, we have been actively exploring response measures and making multiple efforts: we have promptly contacted security teams like SlowMist and other partners to track funds, lock and freeze stolen user funds to the best of our ability. On the other hand, we are actively collecting information on stolen assets from users, tracing the flow and timeline of stolen coins, and collecting all evidence of hackers using alternative packages to hijack version 729. The team will continue to announce progress on Twitter.

The BitKeep team is currently very stable. Myself and other core team members are fully committed to recovering assets for our users, which is our top priority at the moment. In the future, we will thoroughly reconstruct and upgrade our technical solutions, with security at the core of our entire business. For users who have lost coins, please rest assured that we will provide a satisfactory explanation.

Finally, I want to say to all users who support BitKeep, to my respected and beloved colleagues, and to our long-term partners: our determination to make BitKeep better will not waver. Our mission to make BitKeep the highest quality and most secure wallet will not change. Our vision to make BitKeep users the most secure crypto users will not falter.

Like a phoenix rising from the ashes, we will certainly emerge stronger!

Kevin, BitKeep CEO