Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Singapore-based crypto firm hit by Boxing Day hack, more than $10 million lost | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

SINGAPORE – More than US$8 million (S$10 million) was stolen from a Singapore-based crypto wallet provider last Monday after a hacker manipulated files enabling users to download the wallets on their phones.

Thousands of users reported having their funds stolen from their BitKeep wallets on Boxing Day, although it is not clear how many Singaporean users were affected.

According to blockchain security and data analytics company PeckShield, the cryptocurrencies stolen consisted of Binance’s BNB Coin, stablecoins Tether and Dai, as well as Ether.

The Straits Times has contacted BitKeep for more information but multiple attempts to do so via email and social media have gone unanswered.

Efforts to pinpoint its office in Singapore or unique entity number yielded no results, and the firm did not have a listed phone number here.

In a statement on the Bitkeep website last Wednesday, BitKeep chief executive Kevin Como acknowledged the incident and said the hacker had done so by hijacking and installing code on version 7.2.9 of the APK files available for download on the website.

APK files allow Android users to download apps directly onto their devices without going through the Google Play Store.

“With maliciously implanted code, the altered APK led to the leak of users’ private keys and enabled the hacker to move funds,” Mr Como said, adding that users who downloaded the app from Apple’s App Store, the Google Play Store or Chrome Web Store were unaffected.

On its official Telegram channel, affected users were advised to update to version 7.3.0 of the BitKeep app, which was put out on Dec 28.

They would then need to create a new crypto wallet and transfer all their available assets.

Meanwhile, the firm said it is working to recover the stolen funds, with affected users urged to fill in a Google form detailing the amount they lost.

ST understands that BitKeep did not apply for a licence to provide digital payment token services under the Payment Services Act. This means that its cryptocurrency wallet may not fall under the category of a regulated service in Singapore.


Click Here For The Original Story From This Source.

National Cyber Security