Accompanying the phenomenal rise of cryptocurrencies was the growth of various crypto scams. We have seen anything from fake princes asking for help in crypto to shady apps that masquerade as popular wallets.
Today, we’re looking at crypto wallet scams, which is a form of phishing that invites users to enter their passphrases and private keys into the fake app so that the perpetrator can spend all the crypto in their account.
It is a fairly popular scam despite the efforts of Apple and Google to keep their app marketplaces clear from scam.
Before we delve into details, let us first explain what a crypto wallet is.
What is a crypto wallet?
According to Wikipedia, a cryptocurrency wallet is a device, physical medium, program or a service which stores the public and/or private keys for cryptocurrency transactions. In addition to this basic function of storing the keys, a cryptocurrency wallet more often also offers the functionality of encrypting and/or signing information.
Hardware wallets are classified as “cold storage,” meaning your private keys are never exposed to the internet and are, instead, safely stored in your pocket or a safe. Since the wallet is protected by a passphrase or some other form of authentication, someone who steals or finds your wallet would still not be able to access your keys.
On the other hand, a software wallet presumes storing cryptocurrency as software files on a computer or a web service. Creating a wallet means you have already created an address which represents your “ID”. You can then use this address to receive cryptocurrency.
What about fake crypto wallets?
Fake crypto wallets are apps that are typically created using the logo and website of a reputable crypto wallet maker. In that sense, someone who comes across the app would gain confidence in its legitimacy, though as we know – that is not the case.
Once the user has installed the app, the scam wallet will ask for his/her credentials, allowing the app maker to gain access to the user’s cryptocurrency holdings. From that point on, they can move money from one side of the globe to the other and there is little that could be done to prevent this as crypto moves fast across the Internet.
It is important to add that crypto scam apps are rather common and they could be found even on Apple’s AppStore and Google’s Play Store. Hackers are eager to get access to crypto wallets and will put an extra effort in order to trick Apple’s app curators and Google’s algorithms into letting them place their apps into popular app marketplaces.
How to identify fake crypto apps?
One rule I’m telling to my friends is to never search for a crypto wallet app in the AppStore or Play Store. Instead, if they want to use a software (or web-based) wallet, they should go to the website of the company behind that wallet and click on the appropriate link to download the mobile app for their phone or tablet.
This way, you get to download the official app instead of stumbling onto the fake one, which could use the same logo. This is especially taking place in Google’s Play Store, where everyone can submit an app without a single human looking into it. The same could happen in Apple’s AppStore, though the number of cases is much smaller.
Also worth adding is that as of writing this article, the maker of the hardware wallet Trezor doesn’t have its mobile app and, consequently, all apps that use their logo are in most cases fake apps, designed with purpose to steal your crypto assets. So if you see Trezor’s logo in an app listing, consider it a red flag.
If you do, however, find some really cool app in the app store, make sure to visit the developer’s website first and do your due diligence, trying to figure out whether it’s a product of a real company or “yet another fake app.” It’s your money, so be careful.