This week, security researchers uncovered a scam crypto app posing as the real WalletConnect.
This app managed to evade detection for about five months.
Within this span, it garnered 10,000 downloads and stole more than $70,000 from 150 people.
McAfee researchers also uncovered around 280 similar scam apps in September alone.
This week, a major phishing scam came to light.
In this scam, a counterfeit crypto wallet was used to siphon off over $70,000 worth of digital assets for about five months.
This fake app, which posed as the legit WalletConnect tool, was available on the Google Play Store for more than four months before being removed.
However, before its removal, the app had been downloaded a total of 10,000 times and had managed to deceive 150 victims into compromising their wallets.
Here’s how it all went down
The real WalletConnect app is generally used to connect crypto wallets to Dapps securely, using QR codes.
It allows users to interact with any Dapp and approve transactions without having to expose their private keys.
However, this fake app took advantage of the real deal’s popularity to redirect users to a phishing website.
The users who stayed on this fake site were then tricked into connecting their wallets and approving the transactions that ultimately drained their wallets.
The scam, as highlighted by Check Point Research, worked by asking users to authorize transactions that granted the attackers access.
Interestingly, the attackers prioritized withdrawing high-value tokens like Ethereum and BNB before moving on to less valuable ones.
Check Point Research notes that the app remained available for download for five months and accumulated over 10,000 downloads.
Despite this large number of downloads, only 150 people fell victim with a collective loss of more than $70,000.
The attack was truly sophisticated, in that the hackers attempted to increase visibility and lure more users by boosting the app's ranking on Google Play.
They did this by using fake reviews to keep the malicious app on the platform for longer.
Interestingly, even though the app was a scam, only 20 of the victims who lost their assets left negative reviews.
In essence, researchers believe that the scammers might have artificially pumped the number of downloads.
But doesn't Google Play have security measures?
Yes, it does. The app store has security mechanisms in place to block scams or malicious apps.
However, this particular app managed to evade detection for months, via a very clever strategy.
Instead of embedding the malicious programs in the app itself, the developers relied on redirecting users to an external site where the theft happened.
This made it more challenging for Google Play’s defenses to flag it as the scam that it was.
This incident shows the importance of caution when linking crypto wallets to any platform or service.
Crypto users are especially vulnerable to scams, since a single click on the wrong button is enough to grant scammers access to a wallet.
Going forward, users are advised to inspect any transactions (or even smart contracts if possible) before approving them.
It is also important to only use trusted platforms and perform thorough research, even when downloading apps from reputable sources like the Google Play Store.
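As an added illustration of inspecting a transaction before approving it (this is not code from the article or from Check Point Research): the article does not say which calls the phishing site requested, so this example assumes the common case of token-approval calls and decodes their standard function selectors. The sample calldata and spender address are constructed.

```python
MAX_UINT256 = 2**256 - 1

# Standard 4-byte selectors of calls that give another address spending rights.
GRANT_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 / ERC-721
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}


def inspect_calldata(calldata_hex, trusted=frozenset()):
    """Describe what signing a transaction with this calldata would grant."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return {"risk": "unknown", "reason": "calldata is not valid hex"}
    if len(raw) < 4:
        return {"risk": "unknown", "reason": "no function selector; check value and recipient"}
    call = GRANT_SELECTORS.get(raw[:4].hex())
    if call is None:
        return {"risk": "unknown", "reason": "not a recognised approval call"}
    if len(raw) < 68:
        return {"risk": "unknown", "reason": "approval arguments truncated"}
    # ABI words are 32 bytes; an address sits in the low 20 bytes of its word.
    spender = "0x" + raw[16:36].hex()
    value = int.from_bytes(raw[36:68], "big")
    if value == 0:
        risk, reason = "none", "revokes or grants nothing"
    elif spender in trusted:
        risk, reason = "low", "grant to a spender you listed as trusted"
    elif call.startswith("setApprovalForAll") or value == MAX_UINT256:
        risk, reason = "high", "unlimited grant to an unlisted spender"
    else:
        risk, reason = "medium", "limited grant to an unlisted spender"
    return {"call": call, "spender": spender, "value": value,
            "risk": risk, "reason": reason}


# Constructed sample: approve(spender, 2**256 - 1) for a made-up spender address.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_UNLIMITED))
```

A result of "unknown" means the call is not one of the three recognised grants, not that it is safe to sign.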
The scams go even further than many realize.
Only last week, McAfee’s Mobile Research Team unearthed a mind-boggling 280 Android apps of the same nature.
These apps were disguised as banking, government, and even utility apps.
Upon download, they use phishing tactics to steal everything from names to emails, to location data, private keys and even mnemonic recovery phrases.
Some of these apps, when downloaded, immediately begin to scan the phones of their victims for images (mostly screenshots) showing wallet information.
If any are found, the app uploads this data to the attacker’s servers.
Malicious actors can then use the collected seed phrases to access victim wallets and siphon funds.
That said, it is important for users to be careful about the apps they install and the permissions they grant.
Crypto users should avoid taking screenshots of their private keys or storing vital information on devices.
As McAfee researchers recommend, everyone should consider isolating important info from their devices.
They should also write seed phrases on a secure piece of paper or rely on security software to safeguard their data.
While platforms like the Google, Apple, or Microsoft app stores are effective in protecting users from scam apps, they are not infallible.
Once in a while, a well-designed scam manages to slip through the cracks.
Overall, the recent surge in scams shows the need for better awareness in the crypto space.
It doesn't matter if the app in question is a well-known protocol like WalletConnect or not: it is still important to double-check every link, transaction and permission request. With over $70,000 stolen so far from a single app (plus hundreds more at large), everyone must remain vigilant at every step.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.