Hacker steals $1 million from BitKeep’s token swap service
- A hacker stole $1 million from users of the BitKeep token exchange service.
- BitKeep says it will compensate any victims who lost funds in
On Monday, an unknown hacker attacked the token exchange service offered by BitKeep, a multi-chain crypto wallet. The exploiter was able to steal $1 million worth of crypto tokens from users who had approved tokens on the BitKeep exchange service, also known as the exchange router, on BNB Chain and Polygon. The stolen funds were then funneled through cryptomixer Tornado Cash to disguise the activity. The attack targeted the BNB chain and caused a loss of around $1 million,” the team tweeted.
Igor Igamberdiev, head of data research at The Block, explained that BitKeep’s trading contract previously contained a logic flaw that allowed the hacker to make a malicious call and confiscate user funds. The vulnerability resulted from a missing input validation, which allows the attacker to forge input values. This means that the exploiter was able to perform illegitimate swaps of addresses it approved to dump on the BitKeep swap router. BitKeep says it will refund to all victims who had funds stolen during the incident.
BitKeep will launch a compensation portal for all victims to request a refund within 3 business days,” the project said. Still, the incident represents another addition to the list of vulnerabilities that have impacted the cryptocurrency sector this month. Chainalysis estimates that more than $700 million has been lost in more than a dozen notable exploits so far in October.
These include the $2 million QANplatform exploit, the $2.34 million RabbySwap heist, the $100 million BSC Token Hub hack, and the Mango attack $114 million in markets.