On Monday, an unknown hacker targeted the token swap service offered by BitKeep, a multi-chain crypto wallet.
The exploiter was able to steal $1 million in BNB tokens from users who had approved tokens on BitKeep’s swap service, also called a swap router, on the BNB Chain. The stolen funds were later routed through crypto mixer Tornado Cash in an effort to obfuscate activity.
“BitKeep Swap was hacked, and our development team has managed to contain the emergency and stopped the hacker. The attack was directed to the BNB Chain, causing a loss of about $1 million,” the team tweeted.
Igor Igamberdiev, Research Director, Data at The Block, explained that BitKeep’s swap contract had previously contained a logic error that allowed the hacker to make a malicious call and seize users’ funds. The vulnerability stemmed from the BitKeep swap contract’s lack of input validation, which allowed the attacker to spoof input values. This means the exploiter was able to make illegitimate swaps from addresses that had approved BitKeep’s swap router to spend their tokens.
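Because the exposure described above was limited to addresses with a live approval to the swap router, the following added example (not BitKeep's or The Block's code) replays decoded ERC-20 `Approval` events to list which owners still have a non-zero allowance to a given spender. The event records and all addresses are constructed placeholders, and the field names are assumptions about how the logs were decoded.

```python
# Added example: find wallets still exposed to a spender (e.g. a swap router)
# by replaying decoded ERC-20 Approval events in chain order.
# All addresses and events below are constructed placeholders.

UNLIMITED_THRESHOLD = 2**255  # wallets commonly approve 2**256 - 1 ("unlimited")

ROUTER = "0xROUTER"  # placeholder for the spender under review

SAMPLE_EVENTS = [  # constructed, ordered by block number / log index
    {"token": "0xTokenA", "owner": "0xAlice", "spender": "0xROUTER", "value": 2**256 - 1},
    {"token": "0xTokenA", "owner": "0xBob", "spender": "0xROUTER", "value": 500},
    {"token": "0xTokenB", "owner": "0xCarol", "spender": "0xrouter", "value": 1000},
    {"token": "0xTokenA", "owner": "0xAlice", "spender": "0xOther", "value": 42},
    {"token": "0xTokenA", "owner": "0xBob", "spender": "0xROUTER", "value": 0},  # revoked
]


def exposed_allowances(events, spender):
    """Return {(token, owner): allowance} for live approvals to `spender`.

    Each Approval event carries the new allowance, so the last event per
    (token, owner) wins. transferFrom may lower an allowance without emitting
    Approval, so treat the result as an upper bound and confirm with the
    token's allowance(owner, spender) view before acting on it.
    """
    spender = spender.lower()
    latest = {}
    for ev in events:
        if ev["spender"].lower() != spender:
            continue
        latest[(ev["token"].lower(), ev["owner"].lower())] = ev["value"]
    return {key: value for key, value in latest.items() if value > 0}


def report(events, spender):
    """Sorted rows of owners who should revoke, flagging unlimited approvals."""
    rows = []
    for (token, owner), value in sorted(exposed_allowances(events, spender).items()):
        rows.append({
            "token": token,
            "owner": owner,
            "allowance": value,
            "unlimited": value >= UNLIMITED_THRESHOLD,
        })
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE_EVENTS, ROUTER):
        kind = "UNLIMITED" if row["unlimited"] else str(row["allowance"])
        print(f'{row["owner"]} -> {ROUTER} on {row["token"]}: {kind}')
```

Owners listed by the report remove their exposure by setting the allowance for that spender back to zero.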
BitKeep says it will refund all victims who had funds stolen during the incident.
“BitKeep will launch a compensation portal within 3 working days for all victims to apply for refund,” the project said.
Still, the incident represents another addition to the list of exploits that have plagued the crypto sector this month. So far in October, more than $700 million has been lost across more than a dozen notable exploits, according to Chainalysis estimates.
These include the $2 million exploit of QANplatform, $2.34 million stolen from RabbySwap, $100 million hack of BSC Token Hub and the $114 million attack on Mango Markets.