The Token Swap Service of BitKeep was Breached, and $1 Million was Stolen

On October 18, an unidentified hacker attacked BitKeep, a multi-chain cryptocurrency wallet, and its token swap service.

The BitKeep swap service, otherwise known as a swap router, on the BNB Chain and Polygon allowed users to authorize tokens, and the hacker was capable of obtaining $1 million in cryptocurrency tokens from those users. In an attempt to conceal activity, the stolen money was then transferred through Tornado Cash, a cryptocurrency mixer.

Members of the team took to Twitter to say that “BitKeep Swap was hacked, and our development team has managed to contain the emergency and stopped the hacker. The attack was directed to the BNB Chain, causing a loss of about $1 million.” 

 Apparently, a flaw in BitKeep’s swap contract previously enabled a hacker to initiate a fraudulent call and take control of users’ money. The BitKeep swap contract’s absence of an authentication mechanism led to the weakness, which made it possible for a hacker to spoof input data. This indicates that the attacker was enabled to do unauthorized swaps using addresses that had been granted permission to spend on the swap router of BitKeep.

According to BitKeep, any victims who had money taken during the incident will receive a reimbursement, saying that “BitKeep will launch a compensation portal within 3 working days for all victims to apply for refund.”

Nevertheless, the incident adds to the long series of breaches that have dogged the cryptocurrency industry this month. As per Chainalysis assessments, over $700 million has been stolen thus far in October over a number of noteworthy instances.

These consist of the $2 million QANplatform breach, the $2.34 million RabbySwap breach, the $100 million BSC Token Hub compromise, as well as the $114 million Mango Markets hack.