<p><span style="font-weight: 400;">On Monday, an unknown hacker targeted the token swap service offered by BitKeep, a multi-chain crypto wallet.</span></p> <p><span style="font-weight: 400;">The exploiter was able to steal $1 million in crypto tokens from users that had approved tokens on the BitKeep's swap service, also called a swap router, on the BNB Chain and Polygon. The stolen funds were later routed through crypto mixer Tornado Cash in an effort to obfuscate activity. </span></p> <p><span style="font-weight: 400;">"BitKeep Swap was hacked, and our development team has managed to contain the emergency and stopped the hacker. The attack was directed to the BNB Chain, causing a loss of about $1 million," the team <a href="https://twitter.com/BitKeepOS/status/1582192711486296065">tweeted</a>.</span></p> <p><span style="font-weight: 400;">Igor Igamberdiev, Research Director, Data at The Block,</span> <a href="https://twitter.com/FrankResearcher/status/1582110080958615554"><span style="font-weight: 400;">explained</span></a><span style="font-weight: 400;"> that BitKeep’s swap contract had previously contained a logic error that allowed the hacker to make a malicious call and seize users' funds. The </span>vulnerability emerged from the BitKeep swap contract’s lack of input validation, allowing the attacker to trick input values.<span style="font-weight: 400;"> </span><span style="font-weight: 400;">This means the exploiter was able to make illegitimate swaps from addresses that had approved to spend on BitKeep’s swap router.</span></p> <p><span style="font-weight: 400;">BitKeep</span> <span style="font-weight: 400;">says</span><span style="font-weight: 400;"> it will refund all victims that had funds stolen during the incident. </span></p> <p><span style="font-weight: 400;">"BitKeep will launch a compensation portal within 3 working days for all victims to apply for refund," the project</span> <a href="https://twitter.com/BitKeepOS/status/1582318912662011904"><span style="font-weight: 400;">said</span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">Still, the incident represents another addition to the list of exploits that have plagued the crypto sector this month. So far in October, more than $700 million has been lost across more than a dozen notable exploits,</span> <a href="https://www.theblock.co/post/176824/hacktober-surprise-worst-month-in-worst-year-of-hacks-chainalysis-says"><span style="font-weight: 400;">according to</span></a><span style="font-weight: 400;"> Chainalysis estimates. </span></p> <p><span style="font-weight: 400;">These include the</span><a href="https://www.theblock.co/post/176118/hacker-drains-1-million-from-qanplatform-bridge-token-slumps-94"> <span style="font-weight: 400;">$2 million</span></a><span style="font-weight: 400;"> exploit of QANplatform, $2.34 million stolen from RabbySwap,</span><a href="http://nl.theblockcrypto.com/ls/click?upn=qW-2BWskbkvE8hoYkD9cNmPO2soheajzov-2F-2BroXnWeq5LwVz6rdq7b-2BbyJFjHtNlpFcU4ce-2BTJbvi04eTZ-2FpZ95yVkpbGjfKGMr7Z-2Ft9iWBmlh6SmSFAmrpbEIgitYjV3ceZGjQ5ozfBET3eZA8TBhEA-3D-3D0CUx_8-2FF5Fe-2FBr57MriQQa7hEPblEuFtGs9Gc6191hiWJKRDJMYsOfqGIzGJHFr2x2-2B8IdJ2Sus485-2FcAeu9yDOuDyUBfAN99-2Bej-2FzEX9mkl9lMyy4YKziwNxw8QSHRWHgzQ2EC-2FUKjAESAQND2zl-2FlSLO5P0ql1FlbhllCgkEx7u9pbSprHzc0Tbt06W5AG1KIRiVy6hdiO2-2BdStOdJPlSXBxs7xtvHLkSfaYXxh3a1iMZ2eH0WSXkx7VvU-2FuHjjgMcJC-2FUe3UcvxXK-2BpNw5dQKaY-2BRMnRfqf9XsXNrj1lovlml-2FQTEgAwpu1A166nDzRJ4aUfxIsRz201MdpYBCvlCh1quRCa7NKEHQCRoLc-2FVPjghPBwOJw1gysulfJNgHq2wYs-2FEvrQ9X2aTdTAisSTBmu0s3GL0jipXr-2FHeA-2FLwNs6IrgXlXrIOLHG9th0TMXldiU58nCfno-2FmYqXeouklhjDljxNcb-2FbIuEitpnPkbJs83rlAZ5NKaKKpS-2FwSTYJshRVLaBKfZYO9LKCKknYuJ1HkbX2A49CSmLgEgEkCODLnYbmbYgT5dsq3NHcmdl0k6RKCbSO3u5dnJ2B7suFNTxBJCFPNUVSL2ZPk7basbEIF-2B9-2FU7-2B3ml8IcbxlQNa-2Bhkc2Ftw3z-2Bup32eYU8b87iJePTc5fvogojAhT4jG4NRrS4BnCKmLNAcpJ2AYiFi-2Bx-2FZUaNk0VM0DJYUzM6IyYdXmrIEadNZGiuj3zj2VNikxvS6Yrqu94YmlQva9C-2BUWTtueYaPNC-2F9ljMZ88Q9B7jxBB9sfyewSQ5m90Yhn9vyXhoOh5pWtcwju7VM6anKjhR7h-2BaENVuXWVyMdm3i5UrXSfr48xEgF4hs6mBMz-2FSOfnfCNHywtDQ5mbcJh4fufCSclconBwl45V27pJF2G-2F-2F-2FRxI4w9yPUELDRgJpxiYwl61pLUNI-2FdMWesp8XL14DUrRAyQmx6q7Bcj3oGiq9Tjgtj8bg8iCe4LUPow2znGFgow-3D"><span style="font-weight: 400;"> $100 million hack</span></a><span style="font-weight: 400;"> of BSC Token Hub and the</span> <a href="http://nl.theblockcrypto.com/ls/click?upn=qW-2BWskbkvE8hoYkD9cNmPO2soheajzov-2F-2BroXnWeq5Io2Z9hGnNwwtAo3KmIVLQzUCT-2FHwHM40cN7h6VrkUw7JaZd9VaBzl1zm-2Fyk2R4R6mf5dHm1gp3CHQ-2FuJalEQVRl-E8_8-2FF5Fe-2FBr57MriQQa7hEPblEuFtGs9Gc6191hiWJKRDJMYsOfqGIzGJHFr2x2-2B8IdJ2Sus485-2FcAeu9yDOuDyUBfAN99-2Bej-2FzEX9mkl9lMyy4YKziwNxw8QSHRWHgzQ2EC-2FUKjAESAQND2zl-2FlSLO5P0ql1FlbhllCgkEx7u9pbSprHzc0Tbt06W5AG1KIRiVy6hdiO2-2BdStOdJPlSXBxs7xtvHLkSfaYXxh3a1iMZ2eH0WSXkx7VvU-2FuHjjgMcJC-2FUe3UcvxXK-2BpNw5dQKaY-2BRMnRfqf9XsXNrj1lovlml-2FQTEgAwpu1A166nDzRJ4aUfxIsRz201MdpYBCvlCh1quRCa7NKEHQCRoLc-2FVPjghPBwOJw1gysulfJNgHq2wYs-2FEvrQ9X2aTdTAisSTBmu0s3GL0jipXr-2FHeA-2FLwNs6IrgXlXrIOLHG9th0TMXldiU58nCfno-2FmYqXeouklhjDljxNcb-2FbIuEitpnPkbJs83rlAZ5NKaKKpS-2FwSTYJshRVLaBKfZYO9LKCKknYuJ1HkbX2A49CSmLgEgEkCODLnYbmbYgT5dsq3NHcmdl0k6RKCbSO3u5dnJ2B7suFNTxBJCFPNUVSL2ZPk7basbEIF-2B9-2FU7-2B3ml8IcbxlQNa-2Bhkc2Ftw3z-2Bup32eYU8b87iJePTc5fvogojAhT4jG4NRrS4BnCKmLNAcpJ2AYiFi-2Bx-2FZUaNk0VM0DJYUzM6IyYdXmrIEadNZGiuj3zj2VNikxvS6Yrqu94YmlQva9C-2BUWTtuAGNuReUwvoe4LADA3AX7k9dyNfwFB5OmXoB8m-2BjBZlsxVWRQIVLgnhdutWNdzdCYzcMlAbEIGsIpF2tQaNxpNSc-2B-2BMZ70JcLG-2BQBRDHYAQd9RbFvZtOnXdY01-2B7q-2BANh9mJyUJT-2BUuRjdB72LZSG4qTQ6fGXwoqBArjbPWFbh1TvRlKAoTqGmPaR-2F-2BGBMbD-2BHRIR0NiCveKXTSBzlTeCwuOrMLzOAG2CbmnDsctXOxg-3D"><span style="font-weight: 400;">$114 million attack</span></a><span style="font-weight: 400;"> on Mango Markets.</span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>