Bitcoin scam app cheated user over $ 600,000 on Apple’s App Store
A fake Bitcoin app launched on the App Store, tricking iPhone user Phillipe Christodoulou into downloading it. After logging in, he immediately lost 17.1 bitcoin, worth over $600,000 at the time.
- How to buy Bitcoin
- What are Bitcoin Faucets? | Learn How To Get Bitcoin Faucet Rewards
- You can mine Bitcoin on a Nintendo Game Boy — here’s how it works
Philip Christodoulou wanted to check his bitcoin balance last month, so he searched the App Store on his iPhone for “Treasure,” the maker of a small hardware device that he uses to store his cryptocurrency. The company’s padlock logo popped up against a green background. The app was rated close to five stars. He downloaded it and typed in his credentials.
In less than a second, almost all of his lifetime savings – 17.1 bitcoins worth $ 600,000 – were gone. The app was a fake, designed to make people think that it was a legitimate app.
But Christodoulou is more angry at Apple than the thieves themselves: He says Apple has marketed the App Store as a safe and reliable place where every app is reviewed before it is allowed into the store.
Christodoulou, once a loyal Apple customer, said he no longer praised the company. In an interview, he said, “He betrayed the trust I expressed in me.” “Apple doesn’t deserve to get away with it.”
Apple calls its App Store “the world’s most trusted marketplace for apps”, where every submission is scanned and reviewed, ensuring that they are safe, secure, useful, and unique. But in fact, according to experts, it is easy for scammers to circumvent Apple’s rules. Criminal app developers can break Apple’s rules by submitting appropriately intuitive apps for approval. Once they are in the store, scammers can only turn the app into a phishing app, which tends to give people their information, until Apple finds out and deletes the app, according to Apple.
Crypto scams are also common on Google’s Android and the web. But their presence on the Apple App Store is more surprising as Apple says it curates the store and examines each app, creating a high level of consumer confidence. The company said Apple collects a 15 to 30 percent commission on all sales on the App Store.
Apple spokesman Fred Sainz said, “User confidence is at the foundation of why we built the App Store, and we’ve only deepened that commitment over the years.” “Study after study has shown that the App Store is the safest app marketplace in the world, and we are constantly at work to maintain that standard and strengthen the security of the App Store. In limited instances when criminals pass on our users If you cheat, then we should take swift action against these actors to prevent similar violations in future. ”
The apps’ ability is added to something else entirely after being approved by the App Store, which calls into question the effectiveness of Apple’s review process to deter mammals. Apple won’t say how often these scams appear, or how often it removes them. But it said it removed 6,500 apps for “hidden or unknown features” last year. Apple cited user safety as its protection against allegations from lawmakers, regulators and competitors that the company competitively exercises its monopoly on app distribution over iPhones.
“Apple often pushes myths about user privacy and security as an antagonist,” said Meghan DiMuzio, executive director of the Alliance for App for Fairness, which formed the app. The store was to fight the power of Apple. “The truth is, Apple’s security ‘standards’ inconsistently apply to apps and only when it benefits Apple.”
Apple acknowledged that there have been other cryptocurrency scams on the App Store, but would not say how many. Apple would not say that, when the fake Trezor app entered the App Store in the past, the new app called “Trezor” was not marked as a potential fraud.
Pavelafir, a UK company that specializes in cryptocurrency regulations and investigates fraud, says that since October 2019 there have been more than 7,000 inquiries about stolen crypto assets. Chief Information Officer of the Pavel Alexander Company, fake apps in Google’s Android Play Store and Apple’s App Store.
Coinfirm said five people reported the theft of cryptocurrencies by a fake Trezor app on iOS, for a total loss of $ 1.6 million. There have been three reports of fake Treasure Apps on Android, which steal $ 600,000 in cryptocurrency.
Apple will not name the developer of the fake Trezor app or provide the contact information of the developer. Apple would not say whether it was changing the name to law enforcement or whether it investigated the developer further. Apple also would not say whether that developer had developed any other apps in the past or had connections to other developer accounts under different names.
Google spokesman Colin Smith said, “We do not allow apps that mislead users by impersonating another app, developer, or company, and when we find an app that violates our policies , Then we take appropriate action. ”
Google did not reveal how the Treasure app built on the Google Play store. It said that it knows of two fake Treasure Apps that have appeared on the store. This eliminated both. The company did not reveal whether it notified law enforcement, or how many other scam apps it had found on the store. Reddit’s posters discussed a fake Treasure app, and Google stated that it had removed the developer of that app. It did not say if that developer was investigated. The Analytics firm app Figure 8 was able to find fake Trazor apps that have appeared on the Play Store.
Of all internet scams, theft of cryptocurrency is the most attractive to thieves. Millions of dollars can be split into digital currency in second place, and high-profile crypto diamonds have earned a total of $ 530 million for thieves, which occurred in the 2018 Coincheck hack. In 2014, Apple cut crypto wallets on Apple. Store but then restored them the same year. Apple does not allow cryptocurrency mining apps, and it imposes additional restrictions on crypto wallet apps.
To better protect your investment, people who own cryptocurrency transfer their investment to “hardware wallets”, which are like USB thumb drives that store secret and sensitive information. A thief would be required to steal someone’s cryptocurrency.
The hardware plugs into the computer via a USB device. By typing in a PIN and sometimes an additional passphrase, the hardware wallet can be accessed and used to conduct transactions. In the absence of a hardware wallet, the information can be decrypted with the secret “seed phrase”. Some people place the seed phrase in a safe-deposit box, hoping they will never have to use it, or etching on durable metal that can survive the fire. Scammers use phishing to give people their seed phrases.
Trezor is based in the Czech Republic and is owned by a company called Satoshi Labs, a well-known manufacturer of hardware purses. Trezor does not have a mobile app, but crypto thieves created a fake and put it on Apple’s App Store in January and the Google Play Store in December, according to those companies, allowing some unmatched Treasure customers to enter their seed phrases Prompted for.
A Trezor spokeswoman, Christina Mazankova, said the company had been informing Apple and Google for years about fake apps posing as a Trezor product to scam its customers. Treasurer has never had a mobile app, although the company is working on one. He said the process of reporting apps is “painful” and representatives from Apple and Google are not in touch.
Mazankova said Trezor notified Apple on February 1 about a copycat app. Apple removed the app on 3 February, but according to Christodoulou, it reappeared a few days before being removed again.
According to Apple, the fake Treasure app was found through the App-Store via a buy-and-switch. Although it was called Trezor and used the Trezor logo and colors, it represented, according to Apple, a “cryptography” app that would encrypt iPhone files and store passwords. The developer of the fake Treasure app told Apple’s review team that it was “not involved in any cryptocurrency.” Apple approved the app on January 23 by placing it in the App Store.
Not long after, the Treasure Cryptography app, unaware of Apple, transformed itself into a cryptocurrency wallet. Apple does not allow these types of changes, but Apple says it does not know when they occur. It is up to users and customers to report it when it happens.
After Treasor reported the fake app to Apple, Apple says it removed the app and banned the developer. Two days later, A
Mobile app analytics firm Sensor Tower said the Trazor app was on the Apple App Store at least from January 23 to February 3 and appears to have been downloaded about 1,000 times. The app was downloaded about 1,000 times on Android, but Sensor Tower did not actually collect data when it became available.
James Fajcz, Sawan, Ga. , Who is a reliability engineer at a paper company, as well as his cryptocurrency was stolen by a fake Treasure App, he says. In December, as he saw digital token prices rise, he bought Ethereum and Bitcoin for about $ 14,000 on CoinReb and Binance with money from his savings.
He wanted to make sure his investment was safe, so he bought a Treasure Model T hardware wallet and downloaded an app on his iPhone called Trezor that asked for his seed phrase. Applications were not connected to their treasure wallet, and they felt that it did not work.
Weeks later, he bought more ethereum on Coinbase. They plugged in their Treasure device, but there was nothing. He went to the Treasury Support Forum on Reddit for answers. A poster of Reddit informs them: there is no Trazor app. “My jaw dropped to the floor. My heart sank,” he said. “I realized what I did.”
Fajcz said he called Apple’s support line. An Apple representative said the company was not responsible, Fajcz says. “It was a reliable app on the App Store that could be the best and most reliable app store anywhere on any system,” he said. “And it’s found on the nefarious app platform? I think Apple should be held partially or wholly responsible for this.”
In a few years, Christodoulou had accumulated 18.1 bitcoins. At the beginning of the coronavirus epidemic, each was valued at about $ 5,500. By October, the price had skyrocketed to $ 60,000 earlier this year.
Christodoulou had hoped that his bitcoin holdings would help save his dry-cleaning business, which was reduced during the epidemic. On 1 February, he wanted to be able to check his bitcoin balance using his phone instead of a computer. So he checked the App Store, downloaded the fake Treasure app and entered his seed phrase.
Soon after, he plugged his Treasure Hardware wallet into his computer and logged in to check his balance. Everything was missed.
That evening, Christodoulou went to the App Store again to look more closely at rave reviews. According to analytics firm App Figures, the previously deleted Trazor app had 155 reviews on the App Store. When Christodoulou opened written reviews, he read the complaints of other people, who were scammed in the same way. The five-star rating that helped legalize the app was fake, he said, taking part.
Christodoulou called Apple Customer Support and a representative said he would extend it to a supervisor. He said he also informed Apple and filed a report with the FBI. FBI spokesman Lauren Haige Glintz declined to comment on the report.
Chainalysis, a commercial blockchain analysis firm, reviewed the documents provided by Fajcz & Christodoulou and confirmed that their cryptocurrency was transferred from their wallet to a suspicious account. Both appeared to be theft related, Chenelalis spokesman Madeleine Kennedy said. “There is evidence that it is a scam of hundreds of thousands of dollars,” he said.
Only one of Christodoulou’s 18.1 bitcoins was spared because they transferred it to a bitcoin savings service called Blockify. At the time of the theft, their 17.1 stolen bitcoins were valued at $ 600,000, but they soon rose to $ 1 million in value.
Bitcoin‘s surge in popularity has seen a rise in fake apps scamming smartphone users. Even with Apple‘s focus on privacy and App Store security, fake apps still manage to get past the review team and now, a recent victim is not happy.
Bitcoin scam apps run extensively
As The Washington Post reported, Christodoulou is furious at Apple for letting the app become available on the App Store for the first time. The fake app was designed to look like a “Treasure” app – a company that makes small hardware devices that Christodoulou uses to store its cryptocurrencies.
According to the article, Apple stated that the fake Treasure app was found through the AppleApp store via a bat-and-switch. It was called Trezor and used the brand’s logo and colors, but was referred to as a “cryptography” app that would encrypt iPhone’s files and store passwords. Apple approved the app, and now Christodoulou has lost more than $ 600,000.
After the fake Bitcoin app was reported by the Trezor company, Apple removed it from the App Store and banned the developer. However, it did not end, though two days later another fake Treasure app popped up. Thankfully, Apple took it almost immediately.
Apple places a great deal on the privacy and security of its App Store, even specifically stating that it is “a safe and reliable place to find and download applications.” The company also claims that more than 500 dedicated experts around the world review over 100,000 apps.
But despite their efforts, the fake bitcoin app still slipped under the radar. According to marketing intelligence company Sense Tower, the app was downloaded over 1,000 times on both the App Store and Android’s Google Play store. Yikes.
Unfortunately, this is not the first time the Bitcoin scam app has handed over highly valuable cryptocurrencies to users. The article also revealed another victim who lost $ 14,000 worth of Ethereum and Bitcoin by downloading a fake Treasure app on her iPhone.
If you are on the hunt to buy bitcoins and are an avid iPhone user, then let us know that there is no Trezor app for iOS.
Although Apple may have a strict policy on the App Store (the tech giant claims more than a million app submissions have been rejected due to illegal content), this unfortunate scam goes to show that it’s against your own background It is worth investigating. Who wants to be $ 600,000 out of pocket?