Hacker Steals $1m from Multi-Chain Crypto Wallet BitKeep - Blockchain.News

Hacker Steals $1m from Multi-Chain Crypto Wallet BitKeep

BitKeep was robbed of $1 million in crypto tokens. The users who were robbed had approved their tokens on BitKeep's swap service - called a swap router - on the BNB Chain and Polygon.

  • Oct 19, 2022 10:40
Hacker Steals $1m from Multi-Chain Crypto Wallet BitKeep

BitKeep's token swap service was attacked on Monday by an unknown hacker.

shutterstock_2188675373 i.jpg

The multi-chain crypto wallet was robbed of $1 million in crypto tokens. The users who were robbed had approved their tokens on BitKeep's swap service - called a swap router - on the BNB Chain and Polygon.

Reports said that the stolen funds were later scattered through Tornado Cash's crypto mixer to avoid being traced.

The team tweeted, "BitKeep Swap was hacked, and our development team has managed to contain the emergency and stopped the hacker. The attack was directed to the BNB Chain, causing a loss of about $1 million."

The hacker was able to seize users' funds by exploiting a previously contained logic error that allowed them to make a malicious call.

The exploit was exposed to the hacker as BitKeep's swap contract lacked input validation, which further allowed the hacker to spoof input values. It reveals that the hacker was able to make illegitimate swaps from addresses that had approved to spend on BitKeep’s swap router.

Victims of the exploit shall be refunded, according to BitKeep.

"BitKeep will launch a compensation portal within 3 working days for all victims to apply for a refund," Bitkeep said.

Other Recent Hacks

Although small in comparison to other hacks, the hack on BitKeep is another case of exploits that have hit the crypto sector this month.

According to Chainalysis, in October alone, more than $700 million has been lost across more than a dozen notable exploits.

The most recent high-profile hack was witnessed by Mango Markets, which came less than a week from Binance's BNB blockchain's $80 million hack.

A hacker has stolen $100 million from Mango Markets in early October.

The trading and lending platform hosted on the Solana blockchain was exploited after manipulation in the price of Mango Market's native MANGO token via an oracle price manipulation attack.

According to Blockchain.News Mango Markets confirmed via a tweet that the company had begun investigating the matter. "We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation. We are taking steps to have third parties freeze funds in flight," the tweet said.

The hacker's wallet was funded from an FTX exchange account.

According to blockchain security firm Hacken's tweets, the hacker first opened an enormous size futures position, which resulted in MANGO token price pump. That further spiked the hacker's account collateral value and gave access to borrowing a large debt position across multiple coins on Mango Market's borrowing and lending platform.

According to Hacken, the hacker was then able to borrow and steal roughly $114 million across various tokens since the price of tokens and their collateral was manipulated much higher.

It is yet to understand how, exactly, the hacker was able to inflate MNGO's value in the eyes of the Mango protocol, according to Robert Chen from blockchain auditors OtterSec.

While in Binance's BNB blockchain hack case, $80 million worth of Binance Coins (BNB) were stolen after an exploit occurred on a bridge between blockchains.

According to Chainalysis, the total revenue for crypto crime in the first half of this year stood at $1.6 billion, less than the figure recorded in the first half of 2021. The drop in crypto crime figures has coincided with a fall in crypto values. However, some forms of crypto-crime have risen in the last year, such as the value of hacked crypto assets has increased from $1.2 billion to $1.9 billion.

While Bloomberg reported that about $2 billion had been lost in crypto hacks this year, many of those hacks were perpetrated by North Korea-linked groups, and cross-chain bridges used to transfer tokens across blockchains have been a popular target.

Image source: Shutterstock
. . .