BitKeep Exploiter Sends 1M DAI to OKX and 180K DAI to KuCoin

The recent transfers are the latest in a series of funds movements intended to conceal the stolen assets.

The hackers involved in the recent BitKeep exploit have transferred $1M worth of DAI to a wallet on the Seychelles-based exchange OKX and $180K worth of DAI to another wallet on KuCoin. The latest transfers come amidst swaps and movements intended to conceal the stolen assets.

Peck Shield highlighted the development m today. 

“PeckShield has detected that BitKeep Exploiter has transferred 1M DAI to OKX and 180k DAI to Kucoin,” the platform disclosed in a tweet, sharing a chart of the funds flow.

#PeckShieldAlert PeckShield has detected that #BitKeep Exploiter has transferred 1M $DAI to OKX and 180k $DAI to Kucoinhttps://t.co/Ud8d3HIs0k https://t.co/Z8bABb3cJg pic.twitter.com/EWYqgvdjfF

— PeckShieldAlert (@PeckShieldAlert) December 27, 2022

Recall that hackers recently exploited BitKeep, as The Crypto Basic reported yesterday. The exploit saw over $8M in customer funds stolen, with thousands of users impacted, according to an official announcement from BitKeep today. 

1/ At 3-4 AM GMT+8 on December 26, 2022, a large-scale hacking incident occurred on BitKeep. After preliminary investigation, this large-scale hacking incident has been identified as a malicious fund attack with thousands of users involved.

— BitKeep Wallet (@BitKeepOS) December 27, 2022

BitKeep claims the exploit occurred due to malicious codes installed on its latest Android version by the hackers after they successfully hijacked the APK packages. Five packages from the latest 7.2.9 Android version are reported to have been affected. 

Following the exploit, the hackers repeatedly swapped and transferred the stolen assets across several chains to conceal the funds. Still, BitKeep has noted that they are currently monitoring the flow and have frozen some of the stolen funds with the help of third-party entities. 

According to BitKeep, the hackers used over 200 addresses across 3 chains in the exploit, sending all stolen funds to two primary addresses.

Furthermore, on-chain explorer and data analytics platform OKLink disclosed that the exploit involved 4 chains, including BSC, TRX, ETH, and Polygon. OKLink detected 50 addresses involved in the hack. As a result of the multiple movements, transaction volume reached a whopping $31M.