A user lost over $1.6 million worth of Bitcoin and other cryptocurrencies to a fake Trezor app on Apple’s App Store

Apple users have lost over $1.6 million worth of Bitcoin and other cryptocurrencies to hackers after falling victim to a sophisticated phishing attack involving a fake version of the popular Trezor wallet on the App Store.

A user lost 17.1 Bitcoin, worth $600,000, to a fake Trezor app on Apple’s App Store

It was the quintessential right thing in their mind: They chose a hardware wallet app, sent it their Bitcoin or typed in their private keys, and embraced the ‘cold’ storage method of storing their assets instead of trusting third-party, unregulated exchanges.

But that’s where things went wrong. The Trezor app they downloaded turned out to be a fake of the original hardware wallet, meaning any Bitcoin sent to such a fake wallet address was pocketed by the cyber thieves themselves, instead of finding a way to safe storage.

One such victim was Phillipe Christodoulou, who downloaded the fake Trezor last month to check his wallet balance as Bitcoin prices shot through the roof. He downloaded the app, typed in his private credentials, and, almost immediately afterward, lost over 17.1 Bitcoin—worth $600,000 at the time and worth a significant chunk of his life savings.

Christodoulou’s not alone. Coinfirm, UK-based crypto investigations, and regulations claim to have received over 7,000 inquiries about stolen crypto assets since October 2019. It adds that such fake apps in Google’s Android Play Store and the App Store are common.

As per the firm, five people have confirmed to have lost cryptocurrency stolen by the fake Trezor on App Store for losses totaling $1.6 million. Three other users, on the other hand, have lost over $600,000 in crypto to fake Trezor apps on Android.

Apple, on its part, has not yet named the developer of the fake Trezor app or provided their contact information to victims. The firm has, furthermore, not revealed if it has provided any information to law enforcement.

Apple products and the App Store are long-regarded for their safety and security features, meaning the presence of scam applications comes as a surprise to many. The firm actively curates its store and passes each app through extensive quality tests before their listing—a move that helps increase customer trust.

It’s why users like Christodoulou are angrier at Apple than the hackers themselves. He says Apple marked the fake Trezor app as a ‘safe and trusted’ one, trusting the firm’s security instead of using his own discretion.

He said in a statement:

“They betrayed the trust that I had in them. Apple doesn’t deserve to get away with this.”

Apple said they take action against such scams:

“In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future.”

Apple isn’t the only company whose app store has played host to fake crypto wallet apps. In January this year, Trezor took to Twitter to warn users of a malicious Android app in the Google Play Store that had been downloaded more than 1,000 times.

In both cases, the scammers used a phishing technique to convince hardware wallet users to enter their recovery phrase – enabling them to create a copy of the wallet and send the funds it contained to an address of their choice. Blockchain analytics firm Chainalysis reported that Christodoulou and Fajcz’s funds had been sent to a suspicious account.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

You might also like