Singapore-based crypto firm hit by Dec 26 hack, more than S$10 million lost


Affected users were advised to update to version 7.3.0 of the BitKeep app, which was put out on Dec 28. - SCREENGRAB: BITKEEP

SINGAPORE (The Straits Times/Asia News Network): More than US$8 million (S$10 million) was stolen from a Singapore-based crypto wallet provider on Dec 26, after a hacker manipulated files enabling users to download the wallets on their phones.

Thousands of users reported having their funds stolen from their BitKeep wallets that day, although it is not clear how many Singaporean users were affected.

According to blockchain security and data analytics company PeckShield, the cryptocurrencies stolen consisted of Binance’s BNB Coin, stablecoins Tether and Dai, as well as Ether.

The Straits Times has contacted BitKeep for more information but multiple attempts to do so via e-mail and social media have gone unanswered.

Efforts to pinpoint its office in Singapore or unique entity number yielded no results, and the firm did not have a listed phone number here.

In a statement on the Bitkeep website last Wednesday, BitKeep chief executive Kevin Como acknowledged the incident and said the hacker had done so by hijacking and installing code on version 7.2.9 of the APK files available for download on the website.

APK files allow Android users to download apps directly onto their devices without going through the Google Play Store.

“With maliciously implanted code, the altered APK led to the leak of users’ private keys and enabled the hacker to move funds,” Mr Como said, adding that users who downloaded the app from Apple’s App Store, the Google Play Store or Chrome Web Store were unaffected.

On its official Telegram channel, affected users were advised to update to version 7.3.0 of the BitKeep app, which was put out on Dec 28.

They would then need to create a new crypto wallet and transfer all their available assets.

Meanwhile, the firm said it is working to recover the stolen funds, with affected users urged to fill in a Google form detailing the amount they lost.

ST understands that BitKeep did not apply for a licence to provide digital payment token services under the Payment Services Act. This means that its cryptocurrency wallet may not fall under the category of a regulated service in Singapore.

BitKeep is also not a notified entity, which means it has not been granted a temporary exemption from holding a licence by the Monetary Authority of Singapore.

This is not the first time that BitKeep, which claims to have more than 8 million users across 168 countries, has suffered from a hack resulting in stolen funds.

In Oct 2022, more than US$1 million was stolen after hackers exploited a vulnerability that allowed them to perform cryptocurrency token swaps from users’ accounts.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Singapore , crypto , hack , BitKeep

   

Next In Aseanplus News

Peregrine falcon nest documented for first time in downtown Singapore
Top Japan pair lose and Aaron-Wooi Yik sneak into World Tour Finals
Wealthy countries back raising COP29 climate deal to $300 billion, sources say
Mpox remains and international public health emergency, says WHO Chief
South-East Asian defense chiefs discuss regional security with US, China and other partner nations
Probe into acid attack on Faisal Halim never stopped, says IGP
G20 leaders’ declaration urges ‘action’ on wars in Ukraine and Middle East, climate change
UN expert: Myanmar's desperate military ramps up attacks including beheadings, rapes and torture
Laos government says 'profoundly saddened' by tourist deaths due to methanol poisoning
Philippine VP says she would have Marcos assassinated if she is killed

Others Also Read