A fake WalletConnect app on Google Play Store stole $70,000 in cryptocurrency from over 150 users.
The fraudulent app mimicked WalletConnect’s name and logo, misleading users and redirecting them to a phishing website.
Despite being downloaded 10,000 times, only 20 users reported the scam before Google removed the app after five months.
Check Point Research security experts have discovered a fake app on the Google Play Store. The application, which was identified as WalletConnect, deceived over 150 customers and stole $70,000 in cryptocurrency. The fraud took advantage of users' trust by replicating the official WalletConnect protocol.
How the WalletConnect Fraud Worked
The fake WalletConnect app, with a name and logo similar to the authentic version, misled users into thinking it was safe. After installation, users connected their cryptocurrency wallets, assuming the app was secure. The attack comes after the recent launch of the WCT token by WalletConnect.
https://twitter.com/WuBlockchain/status/1839868155906404833
However, the app redirected them to a malicious website, where attackers accessed their wallets. Once inside, they swiftly transferred funds to their own accounts.
Despite being downloaded over 10,000 times, the scam remained mostly unnoticed. Only 20 victims left negative reviews on the Google Play Store. This allowed the attackers to cover up their illegal activities behind fake positive reviews.
Due to the fake reviews, the app remained online for five months before it was taken down by Google. In related news, the SEC recently charged two crypto platforms with fraud, highlighting the growing prevalence of scams in the cryptocurrency space. This further emphasizes the need for vigilance among users.
Steps for Users to Protect Themselves
Users who installed the fake WalletConnect application should uninstall it immediately, according to security experts. Users should also monitor their accounts for any unexpected activity. If any illegal activity occurred, users should change their passwords and activate multi-factor authentication.
According to Michael, who is a cybersecurity specialist, MFA is one of the most important techniques for protecting digital assets. This additional layer of security will prevent illegal access to cryptocurrency accounts, even in cases when compromised login credentials are at stake.
Furthermore, McLaughlin recommends that people thoroughly investigate apps before downloading. Aside from reading user reviews, they should also look at the app's downloads and ratings history. Scammers frequently create fake reviews in order to appear real.
The WalletConnect scam demonstrates the growing threats in the cryptocurrency market. Users must take extra steps, such as screening apps and enabling better security structures, to protect their digital assets against similar attacks.
The post WalletConnect Fraudulent App Exploits Google Play, Steals $70,000 from Crypto Users appeared first on Crypto News Land.