Apple users have lost over $1.6 million worth of Bitcoin and other cryptocurrencies to hackers after falling victims to a sophisticated phishing attack involving a fake version of the popular Trezor wallet on the firm’s ‘App Store,’ reported the Washington Post on Tuesday.
Losing Bitcoin to fake apps
It was the quintessential right thing in their mind: They chose a hardware wallet app, sent it their Bitcoin or typed in their private keys, and embraced the ‘cold’ storage method of storing their assets instead of trusting third-party, unregulated exchanges.
But that’s where things went wrong. The Trezor app they downloaded turned out to be a fake of the original hardware wallet, meaning any Bitcoin sent to (or any private keys entered in) such a fake wallet address was pocketed by the cyber thieves themselves, instead of finding a way to safe storage.
One such victim was Phillipe Christodoulou, who downloaded the fake Trezor last month to check his wallet balance as Bitcoin prices shot through the roof. He downloaded the app, typed in his private credentials, and, almost immediately afterward, lost over 17.1 Bitcoin—worth $600,000 at the time and worth a significant chunk of his life savings.
Christodoulou’s not alone. Coinfirm, a UK-based crypto investigations and regulations, claims to have received over 7,000 inquiries about stolen crypto assets since October 2019. It adds that such fake apps in Google’s Android Play Store and the App Store are common.
As per the firm, five people have confirmed to have lost cryptocurrency stolen by the fake Trezor on App Store for losses totaling $1.6 million. Three other users, on the other hand, have lost over $600,000 in crypto to fake Trezor apps on Android.
Apple, on its part, has not yet named the developer of the fake Trezor app or provided their contact information to victims. The firm has, furthermore, not revealed if it has provided any information to law enforcement.
Whatever happened to Apple’s famed security?
Apple products and the App Store are long-regarded for their safety and security features, meaning the presence of scam applications comes as a surprise to many. The firm actively curates its store and passes each app through extensive quality tests before their listing—a move that helps increase customer trust.
It’s why users like Christodoulou are angrier at Apple than the hackers themselves. He says Apple marked the fake Trezor app as a ‘safe and trusted’ one, trusting the firm’s security instead of using his own discretion.
“They betrayed the trust that I had in them. Apple doesn’t deserve to get away with this,” he said in a statement.
Apple, on its part, says it does take action against such scams. “In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future,” said Apple spokesperson Fred Sainz.
But it can do little if the scam has already taken place. And for some, that means the $1.6 million worth of Bitcoin is gone…forever.
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.
Join now for $19/month Explore all benefits
Like what you see? Subscribe for updates.