Not so jolly for Singapore-based crypto firm – lost more than US$ 8 million to a hack
- Over US$ 8 million was taken from a Singapore-based cryptocurrency wallet service on December 26.
- Downloads of APK packages had been made with malicious malware installed by some attackers in their official Telegram group.
Cryptocurrencies, like Bitcoin and Ethereum, have gained much attention in recent years, both as a means of financial transaction and as an investment opportunity. However, the popularity of crypto has also made it a target for cybercriminals to hack.
Over US$ 8 million was recently stolen from a Singapore-based cryptocurrency wallet provider on December 26 after a hacker manipulated files to allow customers to download the wallets on their phones. According to blockchain security and data analytics firm PeckShield, the stolen cryptocurrencies included Ether, stablecoins Dai and Tether and Binance’s BNB Coin.
One would assume that since it was the Christmas season, cybercriminals would take a vacation and enjoy themselves, but they were more determined than ever to cause havoc.
On December 26, some BitKeep customers who utilize the multichain cryptocurrency wallet claimed that money was being taken out of their wallets and transferred when they were not using them. A spokesman for BitKeep told The Straits Times that the company had taken precautions to protect users from future losses, such as tracking the addresses used in the breach and freezing some of the stolen money.
He added that a police report was filed at the end of December and that the police and cybersecurity professionals worked together to form a task force.
The BitKeep team acknowledged that some APK package downloads had been compromised by some attackers and deployed with malicious code in their official Telegram group.
Last Wednesday, BitKeep CEO Kevin Como released a statement on the company’s website acknowledging the incident and explaining how the hacker had carried it out by taking control of and inserting code on version 7.2.9 of the APK files available for download on the website. Android users can download apps directly to their devices using APK files instead of the Google Play Store.
Via its official Telegram channel, affected users were encouraged to update to BitKeep version 7.3.0, which was released on December 28.
As the hack continued, the BitKeep team advised its customers to move their money to a wallet that originated from an official source, such as Google Play or the Apple App Store. In addition, the team urged community members to use newly generated wallet addresses because their old ones may have already been “leaked to hackers.” The BitKeep team requested that the impacted users provide the pertinent information via a Google form to help with the investigation.
This hack was not the first time that BitKeep experienced it. On October 17 last year, a similar incident occurred when the attacker fled with BNB valued at US$ 1 million. The exploit was carried out through a service that permitted token swaps. The wallet company shut down the service and promised to compensate any impacted customers.
The state of crypto hack.
As reported above, the increased interest in cryptocurrencies has the potential to spur both the wrong kinds of motivation and opportunities for investment. Every year, more people lose their assets due to cryptocurrency fraud and scams, which are not their fault.
Since cryptocurrencies have become so popular in recent years, there have been costly hacks and scams involving them, including the Plus Token Ponzi. According to a report from CoinJournal, this scam is the most expensive crypto scam, with approximately US$ 3 billion worth of Bitcoin and Ethereum stolen. Plus Token was a Ponzi scheme that pretended to be an investment program. A Ponzi scheme is a form of fraud in which new investors are attracted to pay off older investors, deceiving its victims into believing the earnings result from legitimate commercial transactions.
WoToken was another Ponzi scheme that deceived over 700,000 users out of US$ 1 billion. WoToken was dubbed “Plus Token 2.0” by the media due to its resemblance to the Plus Token scam. Additionally, it was discovered that one of the WoToken members was part of the Plus Token scam.
There are cryptocurrency users and investors worldwide. Five APAC countries were discovered to be ranked in the top 10 worldwide, with South Korea and Japan coming in third and fourth, respectively. Singapore, meanwhile, came in ninth place with four breaches totaling US$ 14,600,000.
The interest in cryptocurrencies is natural, given their potential to revolutionize the financial sector. People must, however, adopt the necessary security measures to protect their assets and themselves against hacks and scams.
- Will AI put an end to the gig economy?
- Creating a recipe for sustainable data centers
- New types of malware surge by 70%, and cybercriminals increasingly target governments worldwide
- What could AI and automation look like in 2024?
- From AI-powered chips to chatbot: Here’s what was unveiled at AWS re-Invent 2023