Hacker steals $1 million from BitKeep's token swap service

On Monday, an unknown hacker targeted the token swap service offered by BitKeep, a multi-chain crypto wallet.

The exploiter was able to steal $1 million in crypto tokens from users that had approved tokens on the BitKeep's swap service, also called a swap router, on the BNB Chain and Polygon. The stolen funds were later routed through crypto mixer Tornado Cash in an effort to obfuscate activity. 

"BitKeep Swap was hacked, and our development team has managed to contain the emergency and stopped the hacker. The attack was directed to the BNB Chain, causing a loss of about $1 million," the team tweeted.

Igor Igamberdiev, Research Director, Data at The Block, explained that BitKeep’s swap contract had previously contained a logic error that allowed the hacker to make a malicious call and seize users' funds. The vulnerability emerged from the BitKeep swap contract’s lack of input validation, allowing the attacker to trick input values. This means the exploiter was able to make illegitimate swaps from addresses that had approved to spend on BitKeep’s swap router.

BitKeep says it will refund all victims that had funds stolen during the incident.

"BitKeep will launch a compensation portal within 3 working days for all victims to apply for refund," the project said.

Still, the incident represents another addition to the list of exploits that have plagued the crypto sector this month. So far in October, more than $700 million has been lost across more than a dozen notable exploits, according to Chainalysis estimates.

These include the $2 million exploit of QANplatform, $2.34 million stolen from RabbySwap, $100 million hack of BSC Token Hub and the $114 million attack on Mango Markets.