Singaporean cross-chain crypto wallet developer BitKeep says it has reimbursed 50% of user assets lost during a Dec. 26 security breach involving the hijacking of BitKeep’s APK 7.2.9 (Android Package Kit) installation package. Users who downloaded the malware subsequently saw their private keys compromised, leading to the theft of an estimated $8 million in user assets.

According to the March 1 statement from Bitkeep’s official Telegram account, a total of 6,731 verified addresses were breached during the incident. The firm has since completed reimbursing 50% of stolen assets in the affected addresses, with “expedited processing” for the remaining 50% of funds. BitKeep says it will complete its compensation plan ahead of schedule and release the remaining funds within two weeks.

In a statement to Cointelegraph, a spokesperson for BitKeep said the company has yet to recover the remaining assets through law enforcement efforts, and all reimbursements are “currently coming out of the company’s own pockets, including those to be completed in the near future.” According to the spokesperson:

“BitKeep is adamant about the safety of users’ assets and that is why we have stepped up to take responsibility for all damages as a result of the incident. Users’ losses are being compensated by BitKeep’s 2022 revenue and its Secure Assets Fund, and we will complete all reimbursements by March. Finally, we would like to express our gratitude to our users for their trust and support, as well as to our partners for working with us to overcome the recent challenges.”

On Dec. 29, three days after the incident, BitKeep announced that it had alerted law enforcement and would reimburse 100% of user losses. The wallet currently has over 8 million users worldwide. Last May, the firm raised $15 million in its Series A at a valuation of $100 million.