A certain Phillipe Christodoulou has reportedly lost 17.1 BTC (worth appr. $1.04 million) to a fake mobile app that he downloaded from the Apple Store.
The app posed as a mobile version of the popular hardware wallet Trezor but was only designed to steal funds from unsuspecting users. According to the victim, the app looked legitimate as it had a close to five-star rating on the app store and used a logo identical to Trezor’s.
However, upon installing the app and providing his Bitcoin seed phrase as requested, it only took a few minutes for him to realize that his funds were gone. While those bitcoins were worth roughly $600,000 when the incident took place last month, a further increase in Bitcoin price means that the 17.1 bitcoins have risen in value by more than 50%.
Who is to Blame?
In an interview given to The Washington Post, Christodoulou noted that while he was unhappy about the loss, he blamed Apple mostly for allowing developers to offer fake apps on their platform.
He reportedly said:
“They betrayed the trust that I had in them. Apple doesn’t deserve to get away with this”.
Apple brands its App store as “the world’s most trusted marketplace for apps.” The tech giant claims to rigorously vet apps that get listed on its store, and for this reason, most users like Christodoulou do not care about verifying the authenticity of apps before downloading.
However, shady developers such as the creators of the app that stole Christodoulou’s bitcoin use tactics that Apple has failed to tackle. They first submit authentic apps for Apple’s approval, and then subsequently modify these apps to collect sensitive user information such as passwords and cryptocurrency seed phrases.
To date, many malicious apps have continued to flood Apple and Google’s app stores, and the companies are not doing much to curb the menace.
Like Christodoulou has learned the hard way, app users, especially cryptocurrency holders, must double-check wallet apps that they install either on mobile or desktop. Only downloading apps through links from official websites can also protect users from such ugly incidents.