Halborn Logo

// Blog

Explained: Hacks

Explained: The BitKeep Hack (October 2022)


profile

Rob Behnke

October 21st, 2022


In October 2022, BitKeep’s Swap function was exploited by an attacker. After gaining access to the vulnerable contract, the attacker drained over $1 million in tokens from BitKeep users’ wallets.

Inside the Attack

BitKeep Wallet offers swap functionality, enabling users to trade one type of token for another on-chain. As part of this swap functionality, users commonly create approvals, which allow authorized parties to extract certain tokens from their accounts. While these DeFi approvals can be useful, they also can create security risks if an attacker gains control over the authorized party.

This was the case in the BitKeep Swap incident. After an attacker took over the swap/router, they were able to use approvals to drain value from users’ wallets. In total, over $1 million in tokens was stolen before the BitKeep team was able to freeze the swap functionality, blocking further attacks.

DeFi users can manage their risk of token theft by monitoring and managing their DeFi approvals using a service like Revoke.cash. In this case, BitKeep has also committed to compensating users affected by the incident.

Lessons Learned From the Attack

The BitKeep Swap hack underscores the security risks of DeFi approvals. While you might trust a particular project with approvals, that can come back to bite you if an attacker can take over or otherwise exploit the contract and use those approvals.

While users should protect themselves by managing approvals, this and similar DeFi hacks are only possible if an attacker can gain control over or unauthorized access to a project’s contract. To learn more about securing your smart contracts against similar attacks, reach out to our Web3 security experts at halborn@protonmail.com.