🔥 Fake Wallet App Steals $70K in Crypto
WalletConnect
The app, known as WalletConnect, has mimicked the reputable WalletConnect protocol and has reportedly stolen $70,000 from users. It is a sophisticated scam from the fraudulent cryptocurrency wallet app, which is available on Google Play, and has been described as a world-first for targeting mobile users exclusively. Over 10,000 users downloaded the app just to find their crypto wallets drained.
The creators of this scam app were clearly sophisticated and clued-in to the typical challenges faced by web3 users. These include things such as compatibility issues and the lack of widespread support for WalletConnect across different wallets. The scam app marketed itself as a solution to these common issues and took advantage of the absence of an official WalletConnect app on the Play Store. Making use of fake positive reviews, the app looking genuine and legitimate to everyday users and managed over 10,000 downloads.
Cybersecurity firm Check Point Research discovered the fraudulent app and as part of their investigation they discovered transactions linked to more than 150 crypto wallets. These victims of the scam had been instructed to link their wallets after installing the app, under the false pretence of a secure and seamless access to web3 applications.
Once users authorised transactions they were redirected to a malicious website that harvested their wallet details. Through the exploitation of smart contracts, the hackers were then able to initiate unauthorized transfers to drain the unsuspecting victims wallets.
Google removed the malicious app and highlighted its Google Protect feature following the CPR report, but this incident follows similar attacks targeting mobile users, including a previous case where over 11 million Android users unknowingly downloaded apps infected with Necro malware. This resulted in unauthorised subscription charges and is one of many attempts by hackers to target mobile users.