Hacker exploits BitKeep's token swap service for $1 million

On Tuesday, the attacker drained approximately $1 million from the multichain wallet provider BitKeep by exploiting the wallet’s swap feature.

Blockchain security company PeckShield was the first to notice the exploit, recommending a set of measures for users to ensure the safety of their funds. According to the early reports, the attack happened on the BNB Chain and Polygon, and the stolen funds were sent through Tornado Cash mixer to conceal the origins of illegally obtained crypto.

BitKeep announced it managed to contain the emergency after suspending swap service to ensure that “there are no other asset security issues.” The wallet provider also announced plans to reimburse all affected users and promised high rewards for assistance in identifying the attacker.

“Dear BitKeep Swap user, BitKeep Swap was hacked, and our development team has managed to contain the emergency. The hacker has been stopped. The attack happened on BNB Chain, causing a loss of about $1 million,” the project tweeted.

“BitKeep apologizes for the inconvenience caused. Please rest assured that all your assets in BitKeep Wallet are safe. BitKeep will engage and cooperate with major security agencies, and will upgrade BitKeep’s Security audit management and user safety measurement on a full scale to provide users with real peace of mind. Please stay tuned for updates in the following days,” the compensation plan reads.

BitKeep becomes the latest victim in a string of DeFi exploits that have shaken the crypto industry this month. According to the blockchain analytics company Chainalysis, October 2022 became “the biggest month in the biggest year ever for hacking activity, with more than half the month still to go,” as it has seen a record $718 million stolen across 11 different attacks on DeFi protocols.