Bogus Trezor iOS App Snares Investor’s USD 1M Bitcoin Savings
A bitcoin (BTC) investor who says he lost over BTC 17 (USD 0.99m) to scammers has hit out at Apple for hosting a fake app on its store that allowed criminals to make off with his “life savings.”
Speaking to the Washington Post, the investor, a Trezor wallet user named Phillipe Christodoulou, explained how he had wanted to use a Trezor app to check his BTC balance. He proceeded to search the App Store on his iPhone for a Trezor app. He recounted that when he came across a bona fide-looking app with a “nearly five-star rating” bearing what appeared to be the Trezor logo, he downloaded it and entered all his credentials.
“In less than a second,” wrote the media outlet, the tokens were gone – and Christodoulou understood he had been duped by scammers who had devised a clever means to trick people into handing them full access to their crypto holdings.
But Christodoulou has laid the blame at the tech giant’s door, with the Washington Post writing: “He says Apple marketed the App Store as a safe and trusted place, where each app is reviewed before it is allowed in the store.”
“[Apple] betrayed the trust that I had in them. [It] doesn’t deserve to get away with this.”
Apple appraises all apps submitted to its store, but some app-makers notoriously make subtle changes to their app codes once they have been accepted, transforming them into legit-looking phishing scheme tools.
Although periodic reviews do catch many such apps, apps of unsure origin that many cautious crypto users might like to steer well clear of have been known to appear on the Apple store.
Such apps are not the sole preserve of iOS, however. The media outlet says that Google told it that “it knows of two fake Trezor apps that have appeared on the Google Play store,” both of which it has “removed.”
The media outlet also quoted a crypto fraud investigator named Coinfirm as stating that five people have reported losing crypto to thieves via the bogus iOS Trezor app “for total losses worth USD 1.6m,” while “fake Trezor apps on Android stole a total of USD 600,000 in cryptocurrency.”
On a Twitter thread responding to a post from the Casa co-founder Jameson Lopp, many expressed their ire at Apple, with one writing,
“This was a very, very tragic mistake. Apple is still at fault here.”
Lopp himself warned that crypto users should “stop entering seed phrases into software,” and instead “only enter seeds into dedicated bitcoin hardware devices.”
“I thought Apple was meant to verify all apps on their store. That’s usually the reason people give me for not using Android. Looks like Apple aren’t interested in doing that now,” another user wrote.
Others were less quick to point the finger at Apple, with one opining,
“So Apple has to do what exactly? Inspect the source code for every app it hosts and then build that app from source itself? No, the fault was [Christodoulou’s], in having baseless faith in a curated ecosystem.”
– Ledger Scammers Reportedly Go Trans-Wallet & Target Trezor Users
– Crypto Security in 2021: More Threats Against DeFi and Individual Users
– Two Wrong Guesses And This Programmer Loses USD 241M in Bitcoin
– Teaching True Story: Trader Robbed of Nearly USD Half Million in Bitcoin
– How to Protect Your Absolute Crypto Lifeline – Seed Words