
Malware Steals Over $1.82 Million from 13,000+ Crypto Users: SlowMist Report

Key Takeaways:

  • BOM malware stole over $1.82 million from 13,000+ cryptocurrency users.  
  • Attackers used cross-chain transfers to launder the stolen funds across several blockchains.  
  • The malware abused system permissions to steal wallet data and send it to remote servers.

A new malware campaign has resulted in a large cryptocurrency theft, with attackers stealing more than $1.82 million from over 13,000 victims. According to a joint investigation by the security firms SlowMist and OKX, a rogue app known as BOM has been identified as the source of the breach. The attack targeted users of crypto wallets, exploiting vulnerabilities to steal sensitive data such as mnemonic phrases and private keys.

The BOM malware was designed to trick users into granting it access to their photo libraries and local storage. On installation, the app misleadingly requested these permissions, claiming they were necessary for it to function correctly. Once granted, BOM silently scanned the device for images containing sensitive information, such as wallet mnemonic phrases or private keys.

The stolen details were then uploaded to remote servers controlled by the attackers. This happened without the user's knowledge, making the malware's activity hard to trace. Analysis by OKX's Web3 security team revealed that the BOM app was built with the UniApp cross-platform framework, a tool commonly used for extracting sensitive data.

Stolen Funds Traced Across Multiple Blockchains

Blockchain analysis has helped trace the stolen funds across several cryptocurrency networks. The main attack address was activated on February 12, 2025, when it received 0.001 BNB. From there, the attackers moved funds across various blockchains, including Ethereum, Binance Smart Chain (BSC), Polygon, Arbitrum, and Base.

The attackers took roughly $37,000 on the BSC network, mostly in USDC, USDT, and WBTC, and used PancakeSwap to swap these tokens for BNB. The Ethereum network saw the largest losses, totaling around $280,000, mainly the result of cross-chain ETH transfers. A backup address received 100 ETH and 160 ETH from another address. As of now, this address holds 260 ETH with no further activity.

Smaller Losses Observed on Other Networks

The attackers also managed to steal funds on the Polygon, Arbitrum, and Base networks. Around $65,000 worth of tokens, including WBTC, SAND, and STG, were taken on Polygon. Much of this was swapped for POL tokens on the OKX-DEX. The Arbitrum and Base networks were also targeted, with losses of $37,000 and $12,000, respectively.

The attackers used various methods to move the stolen funds across multiple networks, including decentralized exchanges and cross-chain bridges, to cover their tracks. Nevertheless, their movements have been traced, providing valuable insight into the attack's operation and scale.
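The fund tracing described in the two sections above follows a transfer graph: deposits from outside addresses into attacker-controlled addresses, swaps through a DEX router, and bridge legs that move value to another chain. The script below is an added example of that kind of analysis, not SlowMist's or OKX's tooling. The transfer records are constructed, the addresses are placeholders rather than the real attack addresses, and the venue labels and bridge links are assumptions about how a tracer would annotate its data.

```python
"""Follow funds through a transfer graph across chains (added example).

Transfer records are constructed; addresses are placeholders, not the real
attack addresses reported by SlowMist/OKX.
"""
from collections import defaultdict, deque

# Each record: (chain, token, sender, receiver, amount, usd_value, venue).
# `venue` labels a hop through a DEX router or a cross-chain bridge; None
# marks a plain transfer between accounts.
TRANSFERS = [
    ("bsc",      "USDT", "0xvictim_a",      "0xattacker_main", 20000.0,  20000.0, None),
    ("bsc",      "WBTC", "0xvictim_b",      "0xattacker_main",     0.2,  17000.0, None),
    ("bsc",      "USDT", "0xattacker_main", "0xpcs_router",    20000.0,  20000.0, "PancakeSwap"),
    ("bsc",      "BNB",  "0xpcs_router",    "0xattacker_main",    33.0,  20000.0, "PancakeSwap"),
    ("bsc",      "BNB",  "0xattacker_main", "0xbridge_in",        33.0,  20000.0, "bridge"),
    ("ethereum", "ETH",  "0xbridge_out",    "0xattacker_eth",      8.0,  20000.0, "bridge"),
    ("ethereum", "ETH",  "0xattacker_eth",  "0xbackup",          100.0, 250000.0, None),
    ("ethereum", "ETH",  "0xthird_party",   "0xbackup",          160.0, 400000.0, None),
]

# A bridge's deposit and withdrawal legs are separate on-chain records, so the
# tracer needs an explicit link between the two endpoints (constructed here).
BRIDGE_LINKS = {"0xbridge_in": "0xbridge_out"}

# Addresses the analyst has already attributed to the attacker (assumption).
ATTACKER = {"0xattacker_main", "0xattacker_eth", "0xbackup"}


def trace_forward(transfers, seed, bridge_links=BRIDGE_LINKS):
    """Breadth-first walk from `seed` along outgoing transfers.

    Returns (reached, hops): the set of addresses reached, including `seed`,
    and a list of (src, dst, venue) edges that passed through a DEX or bridge,
    which is where laundering typically happens.
    """
    out_edges = defaultdict(list)
    for _chain, _token, sender, receiver, _amt, _usd, venue in transfers:
        out_edges[sender].append((receiver, venue))

    reached, hops = {seed}, []
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        successors = [(bridge_links[addr], "bridge")] if addr in bridge_links else []
        successors += out_edges.get(addr, [])
        for nxt, venue in successors:
            if venue:
                hops.append((addr, nxt, venue))  # record every venue edge, even on revisits
            if nxt not in reached:
                reached.add(nxt)
                queue.append(nxt)
    return reached, hops


def balance(transfers, addr, chain, token):
    """Net holding of `token` on `chain` for `addr`: inflows minus outflows."""
    total = 0.0
    for c, t, sender, receiver, amount, _usd, _venue in transfers:
        if c != chain or t != token:
            continue
        if receiver == addr:
            total += amount
        if sender == addr:
            total -= amount
    return total


def inbound_by_chain(transfers, attacker_addrs):
    """USD value of plain (non-venue) deposits from outside addresses into
    attacker-controlled addresses, grouped by chain.

    These are candidate victim losses; each source address still needs to be
    classified by the analyst before it is counted as a victim.
    """
    totals = defaultdict(float)
    for chain, _token, sender, receiver, _amt, usd, venue in transfers:
        if venue is None and receiver in attacker_addrs and sender not in attacker_addrs:
            totals[chain] += usd
    return dict(totals)


if __name__ == "__main__":
    reached, hops = trace_forward(TRANSFERS, "0xattacker_main")
    print("addresses reached:", sorted(reached))
    for src, dst, venue in hops:
        print(f"  laundering hop via {venue}: {src} -> {dst}")
    print("inbound USD by chain:", inbound_by_chain(TRANSFERS, ATTACKER))
    print("backup ETH balance:", balance(TRANSFERS, "0xbackup", "ethereum", "ETH"))
```

Running the script walks from the main address through the PancakeSwap swap and the bridge to the Ethereum-side addresses, lists each DEX or bridge hop it crossed, sums candidate deposits per chain, and reports the net ETH held by the backup address. On real data the same structure applies, but the bridge links and attacker attribution must come from the analyst, not from the transfer records alone.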

Read Also: Mask Network CEO Suji Yan Loses Over $4 Million in Crypto Theft

SlowMist and OKX have published detailed reports on the attack, including the technical details of how BOM operates. While the investigation is ongoing, these findings have shed light on the tactics cybercriminals use to exploit unsuspecting cryptocurrency users.
