HomeBlockchainSecurityA scam website for the Yoroi wallet

A scam website for the Yoroi wallet

With the advent of the new update for the Cardano (ADA) network known as Shelley, the community also needs to update to new software and wallets in order to be able to interact without problems. This has turned out to be a great opportunity for criminals to create scam websites that are identical to the originals. Such is the case with the scam website which is exactly the same as that of the Yoroi wallet.

The website in question is almost identical to the original, even though the domain is different. But not everyone can notice this subtlety, and for this reason, many run the risk of falling victim to unpleasant surprises.

In this particular case, the scam website, (yoroi-shelley-wallet, created on 25-06-2020) differs only in the domain name from the original (created on 25-07-2018), and is extremely similar. Within the pages, there are already some suspicious things that are not present in the original.

The Yoroi scam website

In this scam site there are 3 completely foreign and very dangerous elements:

  • The link to download an iOS app;
  • The link to download an app for Android;
  • A button to request ITN rewards.

yoroi scam

It’s quite impressive how the apps seem to be really made by the Cardano team, especially in the Apple store which shows the name of the developer being EMURGO Co., Ltd, which is of course true and therefore makes it more believable, whereas when clicking on the Play Store button, we can directly download the apk file without being directed to the Google store.

When analyzing the apk files we can see how there are some suspicious images and one in particular “qr.png” which, when examined, redirects to a Cardano address, owned by the criminal. This means that if the unfortunate person were to use that QR code, they would send the funds directly to the criminal

Moreover, the malicious application would also recover the credentials of the wallet in case we wanted to import one of our own.

But even more dangerous is what would happen by clicking on the ITN rewards button. In this case, the users are shown a window in which they must enter their recovery phrase, giving the criminal the key to steal all the funds:

yoroi scam

To conclude, the website is completely identical to the original, and even the various social accounts the scam website has on it are the original ones. A poor verification would trick the user into thinking that everything is legit and they would download the software, or worse, they would enter their recovery phrase.

Please remember that these types of attacks are really sneaky. Never enter your private or seed keys into suspicious platforms. It’s always better to ask the official accounts to confirm the data reported inside the websites, since, as we have seen, they replicate the originals almost flawlessly.


Alfredo de Candia
Alfredo de Candia
Android developer for over 8 years with a dozen of developed apps, Alfredo at age 21 has climbed Mount Fuji following the saying: "He who climbs Mount Fuji once in his life is a wise man, who climbs him twice is a Crazy". Among his app we find a Japanese database, a spam and virus database, the most complete database on Anime and Manga series birthdays and a shitcoin database. Sunday Miner, Alfredo has a passion for crypto and is a fan of EOS.