Due to a fake Trezor app, 17.1 bitcoin were stolen, equivalent to almost a million dollars.
This was reported by the Washington Post, which revealed that a certain Phillipe Christodoulou had downloaded and installed on his iPhone an app called “Trezor”, which was officially available in the App Store.
The app had been authorized by the managers of the App Store, and was rated almost five stars.
The problem was that it was a fake app made by real fraudsters, who, as soon as Christodoulou entered his Trezor details, proceeded to steal the entire 17.1 BTC he was storing there.
The thing is, bitcoin are not physically stored on the wallet; they are only ever stored on the blockchain, so anyone who gets hold of the private keys of a wallet can actually move the BTC stored on it. It is also worth noting that private keys are generated from the seed, so it is enough to hold the seed of a wallet to easily regenerate its private keys.
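The derivation described above, as an added example that is not part of the original article: the standard BIP-39 and BIP-32 steps turn a recovery phrase into a wallet's master private key using nothing but the phrase and its optional passphrase. The mnemonic is the public BIP-39 test vector, not a real wallet, and the function names are chosen here for illustration.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; BIP-32 rejects master keys outside 1..n-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Public BIP-39 test vector (all-zero entropy), never a real wallet.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the recovery phrase into a 64-byte seed."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: derive (master private key, chain code) from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key")
    return key, chain_code


def recover_master_key(mnemonic: str, passphrase: str = "") -> bytes:
    """Everything needed is the phrase itself: no device, no PIN, no account."""
    key, _ = bip32_master(bip39_seed(mnemonic, passphrase))
    return key


if __name__ == "__main__":
    # Two independent "devices" given the same phrase reach the same key,
    # which is why a phrase typed into any app must be treated as exposed.
    original = recover_master_key(TEST_MNEMONIC, "TREZOR")
    copy = recover_master_key(TEST_MNEMONIC, "TREZOR")
    print("same master key:", original == copy)
    print("seed prefix:", bip39_seed(TEST_MNEMONIC, "TREZOR").hex()[:16])
```

Every address key in the wallet is derived from this master key and chain code, so once the phrase has left the hardware device the only remedy is to move the funds to a wallet created from a new seed.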
Unfortunately, fake apps are nothing new, but they are usually not capable of doing this kind of damage. It will now be necessary to assess what role Apple itself might or might not be considered to have played in this affair, since it is up to the company to check and verify apps before authorizing them.
However, it is also worth mentioning that Apple seems to have so far kept very far away from the cryptocurrency sector, and perhaps this is starting to work against them, since they have probably not been able to accumulate enough experience to recognize, for instance, that fake apps of this kind are outright attempts at fraud (i.e. crimes).
The company has also already acknowledged in the past that other cryptocurrency scams have been perpetrated in the App Store, although it has not revealed how many. At this point, it seems at least anachronistic that Apple continues to want to stay out of this new sector.
Furthermore, two very similar fake apps also appeared on the Google Play Store, but have been removed.
Trezor’s warnings about the fake app
Trezor obviously had nothing to do with this, not least because it is up to the user, and not Trezor, to carefully protect the seed so that it doesn’t get stolen. In other words, paradoxically, it was Christodoulou himself who sent his seed to the fraudsters by entering it into the fake app. For this reason, it is advisable to use only official apps, downloaded directly from the manufacturer’s website.
Trezor spokeswoman Kristyna Mazankova said that the company has been informing Apple and Google of the existence of these fake apps for years, especially since Trezor has never had a mobile app, although it is working on one.