Several hardware wallet users have been duped out of their Bitcoin by fake crypto wallet apps on the Apple App Store and Google Play store.
A malicious smartphone app on Apple’s App Store, mimicking the name and visual style of Trezor hardware wallets, was used to steal 17.1 Bitcoin (BTC) from an unsuspecting user—worth $600,000 at the time, and over a million dollars today.
Per a report in The Washington Post, Trezor user Phillipe Christodoulou had stored his Bitcoin on a Trezor hardware wallet, and—wanting to check his balance—downloaded an app purporting to be from Trezor on the iOS App Store.
Although Trezor does not currently support Apple's iOS mobile operating system and does not have a mobile app, the app used the company's name and branding, and had a user rating of nearly five stars—making it appear trustworthy.
After Christodoulou downloaded the app and entered his credentials, all of his crypto immediately disappeared.
“They betrayed the trust that I had in them. Apple doesn’t deserve to get away with this,” Christodoulou said.
Christodoulou isn't the only person to fall victim to the scam; Georgia resident James Fajcz also told the outlet that he lost $14,000 worth of Bitcoin and Ethereum to the fake app.
Apps slipping through the cracks
Apple touts its store as “the world’s most trusted marketplace for apps.” Speaking to the Washington Post, a spokesperson for Apple explained that all apps undergo a rigorous review process—but acknowledged that there have been other cryptocurrency scams on the App Store. The app that was used to scam Christodoulou was available on the App Store from at least January 22 to February 3 and was downloaded around 1,000 times.
In this specific instance, the fake Trezor app was initially presented in the “cryptography” category—as a solution for encrypting iPhone files and storing passwords—before it was changed by the developers into a crypto wallet app. Apple told the Washington Post that it had removed 6,500 apps for "hidden and undocumented features" last year, but acknowledged that it relies on users and customers to report fake apps. When Christodoulou checked the written reviews for the fake Trezor app, he read numerous complaints from others who had been scammed in the same way.
Apple isn't the only company whose app store has played host to fake crypto wallet apps. In January this year, Trezor took to Twitter to warn users of a malicious Android app in the Google Play Store that had been downloaded more than 1,000 times.
“We don’t allow apps that mislead users by impersonating another app, developer or company, and when we discover an app that violates our policies, we take appropriate action,” Google spokesperson Colin Smith told the Washington Post; the company noted that it had recently identified and removed two fake Trezor apps from the Google Play Store, though analytics firm App Figures reportedly identified eight fake apps on the store.
In both cases, the scammers used a phishing technique to convince hardware wallet users to enter their recovery phrase—enabling them to create a copy of the wallet and send the funds it contained to an address of their choice. Blockchain analytics firm Chainalysis reported that Christodoulou and Fajcz's funds had been sent to "a suspicious account."
It goes without saying that you should never enter your wallet recovery phrase into an app—however convincing it might look at first glance.