Key Takeaways:
BOM malware stole over $1.82 million from 13,000+ cryptocurrency users. Attackers used cross-chain transfers to launder the stolen funds across multiple blockchains. The malware abused device permissions to steal wallet information and send it to remote servers.
A new malware campaign has resulted in a large cryptocurrency theft, with attackers stealing more than $1.82 million from over 13,000 victims. According to a joint investigation by security firms SlowMist and OKX, the rogue app, known as BOM, has been identified as the source of the breach. The attack targeted users of crypto wallets, exploiting vulnerabilities to steal sensitive data such as mnemonic phrases and private keys.
The BOM malware was designed to trick users into granting it access to their photo libraries and local storage. Upon installation, the app deceptively requested these permissions, claiming they were necessary for it to function properly. Once granted, BOM secretly scanned the device for images containing sensitive information, such as wallet mnemonic phrases or private keys.
These stolen details were then uploaded to remote servers controlled by the attackers. This process was carried out without the user's knowledge, making it difficult to trace the malware's activities. Analysis by OKX's Web3 security team revealed that the BOM app was built using the UniApp cross-platform framework, a tool commonly used for extracting sensitive data.
Stolen Funds Traced Across Multiple Blockchains
Blockchain analysis has helped trace the stolen funds across multiple cryptocurrency networks. The main attack address was activated on February 12, 2025, when it received 0.001 BNB. From there, the attackers moved funds across various blockchains, including Ethereum, Binance Smart Chain (BSC), Polygon, Arbitrum, and Base.
The attackers made roughly $37,000 on the BSC network, mostly in USDC, USDT, and WBTC. They used PancakeSwap to swap these tokens for BNB. The Ethereum network saw the largest losses, totaling around $280,000. These funds were primarily the result of cross-chain ETH transfers. A backup address received 100 ETH and 160 ETH from another address. As of now, this address holds 260 ETH with no further activity.
Smaller Losses Observed on Other Networks
The attackers also managed to steal funds from the Polygon, Arbitrum, and Base networks. Around $65,000 worth of tokens, including WBTC, SAND, and STG, were taken on Polygon. Much of this was swapped for POL tokens on the OKX-DEX. The Arbitrum and Base networks were also targeted, with losses of $37,000 and $12,000, respectively.
The attackers used various methods to move the stolen funds across multiple networks, including decentralized exchanges and cross-chain bridges to cover their tracks. Nevertheless, their activity was traced, providing valuable insight into the attack's operation and scale.
SlowMist and OKX have released detailed reports on the attack, including the technical aspects of how BOM operates. While the investigation is ongoing, these findings have shed light on the tactics cybercriminals use to exploit unsuspecting cryptocurrency users.