Fake Wallet APP Downloads and Malicious Backdoors are Leading Causes of Crypto Loss: Bitrace

Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: AdobeStock / Sergey Nivens

One of the leading causes of loss of crypto assets is the download of fake wallet applications from search engines.

Fraudsters take advantage of search engine optimization (SEO) and search engine marketing (SEM) techniques to promote phishing links that lead to counterfeit wallet apps with malicious backdoors, Bitrace said in a recent post

These fake apps closely resemble legitimate ones in terms of appearance and usage experience, making it easy for unsuspecting users to fall victim.

Once the user synchronizes their mnemonic phrase or deposits assets into the fake wallet, their tokens are lost forever.

A prime example of this type of scam is the fake Bitpie wallet.

A simple search for “Bitpie wallet” yields numerous phishing links on the first page of search engine results.

While the fake wallet’s website may appear identical to the legitimate one, a closer examination reveals inconsistencies in the URL, exposing its fraudulent nature.

Scammers Use Clipboard Hijacking to Steal Cryptos

Another tactic used by malicious actors to steal coins is clipboard hijacking.

This classic attack involves gaining control of a victim’s computer clipboard and replacing copied cryptocurrency addresses with malicious ones.

Cryptocurrency investors commonly use the Telegram messaging app, which fraudsters exploit by embedding malicious code into fake versions of the app.

Through social engineering techniques, attackers convince users to download or update the fake app.

When a user pastes a blockchain address into the chat box, the malware identifies it and replaces it with a malicious address.

As a result, unsuspecting individuals inadvertently send funds to the attacker’s address, unaware of the scam.

In addition to these targeted attacks, cryptocurrency investment frauds often entice users with promises of high returns and low risks.

One such scheme is liquidity staking arbitrage, where users recharge a certain amount of cryptocurrency into a wallet with the expectation of earning a stable income.

However, these websites often embed malicious code in their smart contracts, allowing hackers to gain control of users’ tokens and steal their funds at any time.

To enhance credibility, scammers even ask users to download well-known wallets like OKXweb3 and Trust Wallet.

However, it is essential to remember that wallet services are permissionless, and downloading a reputable wallet does not guarantee the safety of one’s assets.

Users Lost Over $330 Million to Crypto Hacks in Q3

The crypto space has been plagued by a series of hacks and scams since the start of the year, particularly in the third quarter of 2023.

According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.

In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits. 

One notable event was the Mixin Network attack on September 23. The Hong Kong-based decentralized cross-chain transfer protocol suffered a substantial breach, resulting in a loss of $200 million due to a breach of its cloud service provider.

Another major incident occurred on September 12, when CoinEx, a cryptocurrency exchange, experienced a suspected attack following a substantial outflow from four of its hot wallets. This breach led to losses exceeding $53.1 million across the hot wallets.

More Articles

Price Analysis
$TRUMP Pumping Over 20% This Week: Presidential Memecoin Back for Good?
Arslan Butt
Arslan Butt
2025-02-15 15:26:50
Price Analysis
Study Predicts Bitcoin Surge to $1M by Early 2027: Is That Possible?
Arslan Butt
Arslan Butt
2025-02-15 14:45:43
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors