BitKeep Gets Drained For $8 Million

in #hive-1679222 years ago

In today's edition of YIYL, (You Invest, You Lose) we take a look at the lie that is securely holding funds in a hot wallet and why it will always come back to burn shitcoiners.

In bitcoin, your best bet to secure your funds is to create a cold wallet with your own entropy and never allow those keys to touch the internet. You generate several public keys from your seed phrase and you keep dumping funds into the wallet. Bitcoin is not a yield-generating asset, it doesn't have to be, so storing it you won't be diluted, you know the supply and issuance.

In shitcoins you have to chase yield, you don't know the issuance rate, you don't know the supply, you don't know how the premine will affect your bags, so you're looking for local tops to sell into and you're looking to earn yield while you wait for tops so you're not totally diluted.

To do that you need your funds active in a hot wallet so you can react quickly enough and any hot wallet becomes an attack vector, be it the software, the node, the internet connection, the device or even the website you're signing on there are plenty of ways to part a shitcoiner with their money and it happens everyday.

Shitcoin wallets are swiss cheese

When you create a wallet that manages more than one token and speaks to different blockchains, its like adding more doors to your home with shoddy locks, if one of those doors are opened your stack is at risk.

While you think your coins are safe in your magic hot wallet hackers are hard at work On Dec. 26, some users of the multichain crypto wallet BitKeep reported that their funds were being drained and transferred while they were not using their wallets.

So far reports claim that the hack allowed the draining of $8 million in user funds in an ongoing BitKeep wallet exploit.

bitkeephack.png

A compromised APK

In their official Telegram group, the BitKeep team confirmed that some APK package downloads have been hijacked by some attackers and have been installed with code that was implanted by hackers so those users basically handed over their wallet access. This is the issue with downloading apps and thinking they are safe, when money is involved there is always an incentive to crack it wide open.

They wrote:

“If your funds are stolen, the application you download or update may be an unknown version (unofficial release version) hijacked.”

It's not over yet

As the hack continues, the BitKeep team urged its users to transfer their funds to a wallet that came from official sources like Google Play and the Apple App Store.

Apart from this, the team also asked community members to use newly created wallet addresses as their previous addresses may already be “leaked to hackers.”

To help with the investigation, the BitKeep team asked affected users to submit the relevant materials through a Google form they provided.

The damage toll continues

One suspected hacker wallet address already has more than $5 million in digital assets. While the amount exploited is still not final and the attackers are still currently transferring funds to multiple wallet addresses.

Not the first breach

This is not the first time BitKeep users got cleaned out and not even that long ago, back on Oct. 17, the BitKeep wallet also suffered an exploit with the attacker taking off with $1 million worth of BNB.

The exploit was conducted through a service that enabled token swaps. The wallet firm suspended the service and pledged to reimburse all the affected users.

The moral of the story here is that shitcoin wallets are larping products, they are security theatre and the idea of not your coins not your keys and all that really doesn't apply to these wallets.

Why? Because you're trusting a central entity's software, you're trusting their nodes, you're trusting all the third-party connections they add to the wallet. Shitcoin wallets are no better than a custodial service, its just moving the trust assumptions from one centralised entity to a few others who have even less responsibility to you as the user.

Personally, I'm always happy to see stories like this, on the selfish side it keeps adding to the points I try to make and teaches a tiny percentage of people that this crypto business is not for the little guy, you are only exit liquidity.

If that's what you want to be, don't let me stop you.

Sources:

Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase

Earn Free bitcoin & shopEarn Free Bitcoin & shopClaim Free Bitcoin & Shop
lightning.jpgSmiles.jpgthebitcoincompany.jpg

Posted Using LeoFinance Beta

Sort:  

I had never heard of this application, but I see that the thieves of the crypto world are increasing.

Lol if there's enough money in something to make it worth your time to go an attack, you'll see it happen, most of these crypto projects aren't designed with security first

right, you made a good point. We must actually think that there are many blockchain projects, probably many of these have not given the proper attention to the security factor

0x protocol wallets are malicious apps from day 1. I quit using metamask when I lost some crypto a year ago.

Posted Using LeoFinance Beta

I haven't used one in ages too, as soon as I figured out it was all larping I sold all my shitcoins and safely stored it in bitcoin

Yep, bitcoin wallets are much safer than metamask and similar craps.