Key Takeaways:
BOM malware stole over $1.82 million from 13,000+ cryptocurrency users. The attackers used cross-chain transfers to launder the stolen funds across several blockchains. The malware abused device permissions to harvest wallet data from photos and local storage and send it to remote servers.
A new malware campaign has resulted in a large cryptocurrency theft, with attackers stealing more than $1.82 million from over 13,000 victims. According to a joint investigation by security firms SlowMist and OKX, a rogue app known as BOM has been identified as the source of the breach. The attack targeted crypto wallet users, tricking them into granting permissions that let the app harvest sensitive data such as mnemonic phrases and private keys.
The BOM malware was designed to trick users into granting it access to their photo libraries and local storage. Upon installation, the app requested these permissions under false pretences, claiming they were necessary for it to function correctly. Once granted, BOM silently scanned the device for images containing sensitive information, such as wallet mnemonic phrases or private keys.
These stolen details were then uploaded to remote servers controlled by the attackers. The exfiltration ran without the user's knowledge, making the malware's activity hard to notice and trace. Analysis by OKX's Web3 security team found that the BOM app was built with UniApp, a cross-platform framework for shipping one code base to several mobile platforms; the framework itself is a legitimate development tool, and here it simply let the attackers target multiple platforms from a single app.
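To make the harvesting step concrete, the following is an added example (not code from the BOM app, SlowMist or OKX) of the kind of scanner that turns text recovered from images into wallet secrets, written from the defender's side so you can run it over OCR output from your own photo library and see what a BOM-style app would have found. It flags 64-hex private keys that fall inside the secp256k1 key range and BIP-39 seed phrases whose checksum verifies. The wordlist is a constructed placeholder of 2048 stand-in words; substitute the real BIP-39 English list for production use. The sample "OCR" text is constructed inline.

```python
"""Scan text harvested from images for wallet secrets (added example, not page code)."""
import hashlib
import re

# Placeholder standing in for the 2048-word BIP-39 English list (assumption: in real use
# load bip39/english.txt; the algorithm below is the standard one and does not change).
WORDLIST = [f"w{i:04d}" for i in range(2048)]
SEED_LENGTHS = {12, 15, 18, 21, 24}          # valid BIP-39 phrase lengths
# secp256k1 group order: a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HEX_KEY_RE = re.compile(r"(?<![0-9A-Fa-f])(?:0x)?([0-9A-Fa-f]{64})(?![0-9A-Fa-f])")


def entropy_to_mnemonic(entropy, wordlist=WORDLIST):
    """BIP-39 encoding: append ENT/32 checksum bits of sha256(entropy), cut into 11-bit indices."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16..32 bytes in 4-byte steps")
    cs = ent // 32
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(ent)
    bits += bin(hashlib.sha256(entropy).digest()[0])[2:].zfill(8)[:cs]
    return [wordlist[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11)]


def mnemonic_checksum_ok(words, wordlist=WORDLIST):
    """Reverse of entropy_to_mnemonic: rebuild entropy from word indices, recompute checksum."""
    if len(words) not in SEED_LENGTHS:
        return False
    index = {w: i for i, w in enumerate(wordlist)}
    try:
        bits = "".join(bin(index[w])[2:].zfill(11) for w in words)
    except KeyError:                       # a word outside the list: not a mnemonic
        return False
    cs = len(bits) // 33                   # ENT + ENT/32 bits total, so CS = total/33
    ent_bits, cs_bits = bits[:-cs], bits[-cs:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    return bin(hashlib.sha256(entropy).digest()[0])[2:].zfill(8)[:cs] == cs_bits


def find_hex_private_keys(text):
    """64-hex strings that are in range; hashes like 0xffff... are rejected by the range check."""
    return [m.group(1) for m in HEX_KEY_RE.finditer(text)
            if 1 <= int(m.group(1), 16) < SECP256K1_N]


def find_seed_phrases(text, wordlist=WORDLIST):
    """Find runs of wordlist words and keep every window whose BIP-39 checksum verifies."""
    vocab = set(wordlist)
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    found, run = [], []
    for tok in tokens + [None]:            # None sentinel flushes the final run
        if tok is not None and tok in vocab:
            run.append(tok)
            continue
        for n in SEED_LENGTHS:
            for start in range(len(run) - n + 1):
                cand = run[start:start + n]
                if mnemonic_checksum_ok(cand, wordlist):
                    found.append(" ".join(cand))
        run = []
    return found


def scan_text(text, wordlist=WORDLIST):
    return {"private_keys": find_hex_private_keys(text),
            "seed_phrases": find_seed_phrases(text, wordlist)}


# Constructed stand-in for OCR output of a photographed backup note.
SAMPLE_ENTROPY = bytes(range(16))                      # 128 bits -> 12 words
SAMPLE_MNEMONIC = " ".join(entropy_to_mnemonic(SAMPLE_ENTROPY))
SAMPLE_TEXT = (
    "Backup note (constructed sample):\n"
    f"{SAMPLE_MNEMONIC}\n"
    "tx hash " + "ff" * 32 + "\n"                      # 64 hex but >= N: not a key
    "key 0x" + "11" * 32 + "\n"                        # in range: flagged
)

if __name__ == "__main__":
    print(scan_text(SAMPLE_TEXT))
```

The checksum step is what separates a real seed phrase from any twelve dictionary words, so a scan with it produces far fewer false positives than a plain word-count heuristic; the same property is what lets a thief confirm a harvested phrase offline before ever contacting a wallet.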
Stolen Funds Traced Across Multiple Blockchains
Blockchain analysis has helped trace the stolen funds across several cryptocurrency networks. The first attack address was activated on February 12, 2025, when it received 0.001 BNB. From there, the attackers moved funds across various blockchains, including Ethereum, Binance Smart Chain (BSC), Polygon, Arbitrum, and Base.
The attackers took roughly $37,000 on the BSC network, mostly in USDC, USDT, and WBTC, and used PancakeSwap to swap these tokens into BNB. The Ethereum network saw the largest losses, around $280,000, primarily the result of cross-chain ETH transfers. A backup address received 100 ETH from one address and 160 ETH from another; as of now, this address holds 260 ETH with no further activity.
Smaller Losses Observed on Other Networks
The attackers also stole funds on the Polygon, Arbitrum, and Base networks. Around $65,000 worth of tokens, including WBTC, SAND, and STG, were taken on Polygon, much of it exchanged for POL tokens on the OKX DEX. The Arbitrum and Base networks were also hit, with losses of $37,000 and $12,000, respectively.
The attackers used several methods to move the stolen funds across networks, including decentralized exchanges and cross-chain bridges, to obscure the trail. Even so, their movements were traced, providing useful insight into the attack's operation and scale.
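The tracing described in the last three sections follows one pattern: classify inflows to the attacker cluster by source, net out swap and bridge legs so they are not double-counted as theft, and walk outgoing transfers until the funds stop at an address with no further activity. The following added example (not SlowMist's or OKX's tooling) implements that walk over a constructed ledger shaped like the article's flow: token theft on BSC, a DEX swap into BNB, a bridge hop to Ethereum, and consolidation into a backup address. All addresses, transaction ids and amounts are placeholders; USD valuation is left out because it needs a price feed.

```python
"""Fund-flow tracing over a transfer ledger (added example, not page code)."""
from collections import defaultdict, deque

# Constructed ledger standing in for explorer/indexer exports: (chain, tx, from, to, token, amount).
TRANSFERS = [
    ("bsc",      "tx1", "victim_a",    "attacker_1",  "USDT", 20000),
    ("bsc",      "tx2", "victim_b",    "attacker_1",  "WBTC", 0.2),
    ("bsc",      "tx3", "attacker_1",  "pancakeswap", "USDT", 20000),  # swap leg out
    ("bsc",      "tx3", "pancakeswap", "attacker_1",  "BNB",  33),     # swap leg in
    ("bsc",      "tx4", "attacker_1",  "bridge",      "BNB",  33),     # bridge deposit
    ("ethereum", "tx5", "bridge",      "attacker_1",  "ETH",  6),      # bridge payout
    ("ethereum", "tx6", "victim_c",    "attacker_1",  "ETH",  100),
    ("ethereum", "tx7", "attacker_1",  "attacker_2",  "ETH",  100),    # to backup address
    ("ethereum", "tx8", "attacker_3",  "attacker_2",  "ETH",  160),    # second inflow to backup
    ("polygon",  "tx9", "victim_d",    "attacker_1",  "SAND", 5000),
]

# Assumptions: the attacker cluster is already known (e.g. from the app's hardcoded
# destination), and DEX/bridge contracts are labelled so their legs are not counted as theft.
ATTACKER = {"attacker_1", "attacker_2", "attacker_3"}
INTERMEDIARY = {"pancakeswap", "bridge"}


def stolen_by_chain(transfers, attacker=ATTACKER, intermediary=INTERMEDIARY):
    """Sum inflows to attacker addresses from third parties, keyed by (chain, token).
    Swap and bridge payouts are excluded: they recycle funds already counted."""
    totals = defaultdict(float)
    for chain, _tx, src, dst, token, amt in transfers:
        if dst in attacker and src not in attacker and src not in intermediary:
            totals[(chain, token)] += amt
    return dict(totals)


def balances(transfers):
    """Net position per (chain, address, token); zero balances are dropped."""
    bal = defaultdict(float)
    for chain, _tx, src, dst, token, amt in transfers:
        bal[(chain, src, token)] -= amt
        bal[(chain, dst, token)] += amt
    return {k: v for k, v in bal.items() if v}


def trace_forward(transfers, start, max_hops=10):
    """BFS along outgoing transfers from `start`.
    Returns (hops, terminals): every transfer traversed, and the reached addresses
    with no outgoing transfer, i.e. where funds are parked."""
    out = defaultdict(list)
    for t in transfers:
        out[t[2]].append(t)
    seen, hops, terminals = {start}, [], set()
    queue = deque([(start, 0)])
    while queue:
        addr, depth = queue.popleft()
        if not out[addr]:
            terminals.add(addr)
        if depth >= max_hops:
            continue
        for t in out[addr]:
            hops.append(t)
            if t[3] not in seen:
                seen.add(t[3])
                queue.append((t[3], depth + 1))
    return hops, terminals


if __name__ == "__main__":
    print("stolen:", stolen_by_chain(TRANSFERS))
    hops, terminals = trace_forward(TRANSFERS, "attacker_1")
    for h in hops:
        print("hop:", h)
    bal = balances(TRANSFERS)
    for addr in terminals:
        print("parked at", addr, {k: v for k, v in bal.items() if k[1] == addr})
```

Two details matter in practice: counting swap and bridge payouts as inflows would inflate the loss figure, which is why `stolen_by_chain` filters on source rather than destination alone; and the cross-chain hop is only visible here because the bridge deposit and payout are joined into one ledger, which in real investigations means pulling data from every chain the bridge touches.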
SlowMist and OKX have released detailed reports on the attack, including the technical details of how BOM operates. While the investigation is ongoing, these findings have shed light on the tactics cybercriminals use to exploit unsuspecting cryptocurrency users.