Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
BiKi.com announced that at 0:08:23 on March 26, the BiKi.com community received a user feedback that his password has been tampered with and need to bind the new Google verification code.At around 5 in the morning, 28 users had the same problem, and the risk control system received an alarm. After investigation, it is because some users are not bound to Google verification code and third-party verification code service provider SMS is hijacked and caused. At present, the number of of accounts that have been tampered with passwords is 37, and the account involved in asset transfer is 18, and the loss amount is 12.33 million USDT, the BiKi.com will bear the full amount of the loss. Attack method (per SlowMist): unknown. Reported loss: 123,300 USDT.
- chain
- —
- protocol
- BiKi
- bug_class
- unknown
- date_occurred
- 2019-03-26
- loss_usd
- —
- source_id
- sm:biki::2019-03-26