Scammers Run Off with $70K Using Fake WalletConnect App on Google Play Store

Users were swindled of more than US$70,000 in cryptocurrency by a fake wallet app impersonating the popular Web3 protocol WalletConnect. The malicious application, which was taken down by the Google Play Store after four months, exposes the ongoing challenges with securing the cryptocurrency ecosystem.

A report by Checkpoint Research estimated that the fraudulent app was downloaded 10,000 times, but only 150 users actually fell victim to the scam. This malware would ultimately redirect users to a phishing site that would subsequently deceive the user into allowing transactions and access to funds.

The actual WalletConnect protocol securely connects cryptocurrency wallets and dApps through the use of a QR code, with the user being able to confirm transactions without exposing private keys.

Michael McLaughlin of the Cybersecurity and Data Privacy Practice Group at Buchanan Ingersoll & Rooney advised to implement multi-factor authentication on crypto trading platforms, whether it's Coinbase, Kraken, or something else.

He stressed the need for wider scrutiny of cryptocurrency applications in particular, which were enabled to be rapidly uploaded and accessed through digital shops. McLaughlin suggested that users take note of an app's ratings and reviews when deciding whether to download the app: "If it has only three users and no stars, you're not going to trust it," he said.