{"id":531794,"date":"2022-12-28T10:40:26","date_gmt":"2022-12-28T12:40:26","guid":{"rendered":"https:\/\/teknomers.com\/fr\/bitkeep-confirme-la-cyberattaque-et-perd-plus-de-9-millions-de-dollars-en-devises-numeriques\/"},"modified":"2022-12-28T10:40:27","modified_gmt":"2022-12-28T12:40:27","slug":"bitkeep-confirme-la-cyberattaque-et-perd-plus-de-9-millions-de-dollars-en-devises-numeriques","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/bitkeep-confirme-la-cyberattaque-et-perd-plus-de-9-millions-de-dollars-en-devises-numeriques\/","title":{"rendered":"BitKeep confirme la cyberattaque et perd plus de 9 millions de dollars en devises num\u00e9riques"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">28 d\u00e9cembre 2022<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Cha\u00eene de blocs \/ Logiciels malveillants Android<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Le porte-monnaie crypto multi-cha\u00eenes d\u00e9centralis\u00e9 BitKeep a confirm\u00e9 mercredi une cyberattaque qui a permis aux acteurs de la menace de distribuer des versions frauduleuses de son application Android dans le but de voler les devises num\u00e9riques des utilisateurs.<\/p>\n<p>&#8220;Avec un code implant\u00e9 de mani\u00e8re malveillante, l&#8217;APK modifi\u00e9 a entra\u00een\u00e9 la fuite des cl\u00e9s priv\u00e9es de l&#8217;utilisateur et a permis au pirate de d\u00e9placer des fonds&#8221;, a d\u00e9clar\u00e9 Kevin Como, PDG de BitKeep. <a rel=\"nofollow noopener\" href=\"https:\/\/blog.bitkeep.com\/en\/?p=2964\" target=\"_blank\">m&#8217;a dit<\/a>le d\u00e9crivant comme un &#8220;incident de piratage \u00e0 grande \u00e9chelle&#8221;.<\/p>\n<p>Selon la soci\u00e9t\u00e9 de s\u00e9curit\u00e9 blockchain <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1607266917894737921\" target=\"_blank\">PeckShield<\/a> et explorateur de cha\u00eenes de blocs multi-cha\u00eenes <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/OKLink\/status\/1607376983536865285\" target=\"_blank\">OKLien<\/a>environ <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/OKLink\/status\/1607998953789992961\" target=\"_blank\">9,9 millions de dollars<\/a> valeur d&#8217;actifs ont \u00e9t\u00e9 pill\u00e9s jusqu&#8217;\u00e0 pr\u00e9sent.<\/p>\n<p>&#8220;Les fonds vol\u00e9s sont sur BNB Chain, Ethereum, TRON et Polygon&#8221;, poursuit BitKeep <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/BitKeepOS\/status\/1607666302080155648\" target=\"_blank\">c&#8217;est not\u00e9<\/a> dans une s\u00e9rie de tweets.  &#8220;Plus de 200 adresses sur les trois autres cha\u00eenes ont \u00e9t\u00e9 utilis\u00e9es dans le braquage, et tous les fonds ont finalement \u00e9t\u00e9 transf\u00e9r\u00e9s vers 2 adresses principales.&#8221;<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/uptycs-inside\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEiFnQCqFUEdZwz09FePR3hG7AgLONIkxkHQShYlYG9sMAfmFEby7X_H70pQ-9LE4EGZ23DtteXmqkaRJtbEWD3LgdJDEQS_GzBo6ugwqRwVEo_kbRN9E1kruaJrfiBDjY0e2mRjaHuWU1gkUzsLRVbvt0IMXMhc3P1YIy9M0fvNOrWDRwsyC7dkMcnC1A\/s728-e365-rj\/welcome-728.png\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>L&#8217;incident aurait eu lieu le 26 d\u00e9cembre 2022, l&#8217;acteur mena\u00e7ant exploitant et d\u00e9tournant la version 7.2.9 du fichier du package d&#8217;application Android (.APK) h\u00e9berg\u00e9 sur son site Web pour distribuer la variante cheval de Troie.<\/p>\n<p>Cela dit, l&#8217;effraction num\u00e9rique n&#8217;affecte pas les applications BitKeep t\u00e9l\u00e9charg\u00e9es via Google Play, Apple App Store ou Google Chrome Web Store.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/12\/1672231226_909_BitKeep-confirme-la-cyberattaque-et-perd-plus-de-9-millions.png\" alt=\"BitKeep confirme la cyberattaque\" border=\"0\" data-original-height=\"319\" data-original-width=\"727\" title=\"BitKeep confirme la cyberattaque\"\/><\/div>\n<p>Jusqu&#8217;\u00e0 cinq versions contrefaites diff\u00e9rentes de l&#8217;application Android avec les noms de package suivants ont \u00e9t\u00e9 identifi\u00e9es, ce qui sugg\u00e8re que les applications ont \u00e9t\u00e9 potentiellement distribu\u00e9es via des sites Web de phishing.  Le nom l\u00e9gitime du package est &#8220;<a rel=\"nofollow noopener\" href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.bitkeep.wallet\" target=\"_blank\">com.bitkeep.wallet<\/a>.&#8221;<\/p>\n<ul>\n<li>com.bitkeep.app<\/li>\n<li>com.bitkeep.w4<\/li>\n<li>com.bitkeep.w5<\/li>\n<li>com.bitkeep.wallet5<\/li>\n<li>io.bitkeep.wallet<\/li>\n<\/ul>\n<p>La soci\u00e9t\u00e9 bas\u00e9e \u00e0 Singapour, qui a \u00e9t\u00e9 fond\u00e9e en 2018, a d\u00e9clar\u00e9 qu&#8217;elle avait retrouv\u00e9 l&#8217;adresse du portefeuille utilis\u00e9e pour effectuer le vol et que certains des actifs num\u00e9riques siphonn\u00e9s avaient \u00e9t\u00e9 gel\u00e9s.<\/p>\n<p>Les utilisateurs qui ont t\u00e9l\u00e9charg\u00e9 le fichier APK pour la version 7.2.9 sont invit\u00e9s \u00e0 installer la derni\u00e8re version (7.3.0) publi\u00e9e aujourd&#8217;hui et \u00e0 transf\u00e9rer les fonds vers une adresse de portefeuille nouvellement g\u00e9n\u00e9r\u00e9e.<\/p>\n<p>Ce n&#8217;est pas la premi\u00e8re fois que BitKeep est pirat\u00e9.  Le 18 octobre 2022, il <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/BitKeepOS\/status\/1582157619032395776\" target=\"_blank\">divulgu\u00e9<\/a> un autre incident de s\u00e9curit\u00e9 ciblant son service BitKeep Swap qui a entra\u00een\u00e9 des pertes d&#8217;environ 1 million de dollars.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/12\/bitkeep-confirms-cyber-attack-loses.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80228 d\u00e9cembre 2022\ue804Ravie LakshmananCha\u00eene de blocs \/ Logiciels malveillants Android Le porte-monnaie crypto multi-cha\u00eenes d\u00e9centralis\u00e9 BitKeep a confirm\u00e9 mercredi une cyberattaque qui a permis aux acteurs de la menace de distribuer des versions frauduleuses de son application Android dans le but de voler les devises num\u00e9riques des utilisateurs. &#8220;Avec un code implant\u00e9 de mani\u00e8re malveillante, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":531795,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[135239,4168,845,4158,4165,4161,2786,26037,2414,4157,4159,4171,4170,4167,1610,4160,4163,4162,11957,2800,4172,4169,4166,4164],"class_list":["post-531794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-bitkeep","tag-comment-pirater","tag-confirme","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberattaque","tag-devises","tag-dollars","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-millions","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-numeriques","tag-perd","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/531794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=531794"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/531794\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/531795"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=531794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=531794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=531794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}