- A fake WalletConnect app on Google Play Store was downloaded 10,000 times and stole over $70,000 in cryptocurrency before it was removed.
- Only 150 users were affected by the phishing scam, despite the app's high download count.
A fake crypto wallet app, posing as WalletConnect, was downloaded 10,000 times from the Google Play Store over a four-month period before being removed. The app, which engaged in phishing attacks, led to the theft of over $70,000 in cryptocurrency. Despite the high number of downloads, only 150 users were deceived, according to a report by Check Point Research.
The malicious app mimicked WalletConnect, a legitimate Web3 protocol that allows secure interaction between cryptocurrency wallets and decentralized applications (dApps) through QR codes. Users of the fake app unknowingly authorized fraudulent transactions, granting scammers access to their funds.
Michael McLaughlin, co-leader of the Cybersecurity and Data Privacy Practice Group at Buchanan Ingersoll & Rooney, stressed the importance of digital security for crypto users.
“Basic cybersecurity hygiene, even on your mobile devices, is paramount,” he said.
He advised using multi-factor authentication (MFA) on crypto trading platforms such as Coinbase and Kraken, adding, “You have to implement them.”
McLaughlin also urged users to be cautious when downloading apps from digital stores, checking for sufficient reviews and ratings.
“If it has only three users and no stars, you're not going to trust it,” he noted.
He further advised checking an app’s history for sudden changes, citing an example where a flashlight app with a strong user base suddenly became a cryptocurrency app.
“It would still have the same number of users, it would still have the same rating, but now you just change the name of it,” McLaughlin said, warning users to be vigilant against such scams.
Edited by Harshajit Sarmah