Bogus crypto wallet on App Store steals $9.5M

[_act_]

It started with a fake Ledger Live app on App store for macOS users, between April 8 and April 11, three different victims lost $3.23 million, $2.08 million and $1.95 million. But in total, the thieves were able to take around $9.5 million from over 50 people before Apple deleted the app.

The fake app was able to steal peoples bitcoin, ethereum, tron, solana, ripple and other cryptocurrencies before the fake app was taken down.

I am very sure that the app would have just little number of downloads which would be a huge reason to know that it is fake. Another thing is that it is better you go to Ledger website to download necessary apps. This is a very simple mistake that can be avoided.

Why are people making use of cryptocurrencies but they do not learn about how to protect themselves from bad people that can steal their cryptocurrencies.

I am not saying Ledger is a good wallet, but this is just an awareness again that we should learn how to protect our cryptocurrencies.

https://appleinsider.com/articles/26/04/14/bogus-crypto-wallet-on-app-store-steals-95m

[DYING_S0UL]

It started with a fake Ledger Live app on App store for macOS users, between April 8 and April 11, three different victims lost $3.23 million, $2.08 million and $1.95 million. But in total, the thieves were able to take around $9.5 million from over 50 people before Apple deleted the app.

The fake app was able to steal peoples bitcoin, ethereum, tron, solana, ripple and other cryptocurrencies before the fake app was taken down.

I am very sure that the app would have just little number of downloads which would be a huge reason to know that it is fake. Another thing is that it is better you go to Ledger website to download necessary apps. This is a very simple mistake that can be avoided.

Another hack related to apple's appstore or android's playstore? Man not again!...if these official sources are not secure, I don't know what really are..this is really alarming.

We used to advise people that don't download and install apps from unknown sources, now we'll be advising that don't download anything from official app/play stores... ironic, isn't it?

Now comes the last part, which is the Ledger website. With so many phishing websites close to 99.99 identical to the original, sometimes users cannot but fall for the fake ones. With simple google searching, it becomes dangerous if we are not paying enough attention. Moreover, we should verify the websites once and bookmark them for forever, to avoid accidents.

[Free Market Capitalist]

It’s not enough to just download a fake app. As I saw on another site, the problem is that those apps asked users to enter their private keys on their computers, and some unsuspecting people fell for the scam, as the article linked by the OP also points out:

As BleepingComputer points out, the malicious Ledger Live app tricked 50 macOS users into giving away their seed and recovery phrases, which let bad actors take their funds in a matter of days.

Basically, if you’re careful about where you download apps from, and—most importantly—NEVER write your private keys on your computer (only on the USB drive), you’ll be safe from these scams.

[hugeblack]

Overconfidence may be the reason, as there is a false sense of security through the use of the Apple Store and Hardware wallet.
the targeted amounts seem larger than just downloading a random app on the Apple Store; they may be part of larger social attacks.

[tech30338]

This is why I Always check what im going to download in my app if its seems off its not going, and if this app seems like slowing my unit, for some reason not going to use it, although the first thing should do first is check the app you are going to install.
Some people is correct too confident that where we download is safe, but in reality, those were not totally check and some will make it in the list of application with a hidden agenda on it, to steal, so it be phone or computer, if we are dealing with big amount we should invest on the most safest hardware if needed no questions ask.

[Outhue]

Something similar has been discussed already on this forum but I guess the numbers of victims are growing, because this amount isn't what the other have lost.

https://bitcointalk.org/index.php?topic=5580115.msg66611016#msg66611016

The only thing that hardware wallets needs to come up with as a solution to battle this scam is to never release any hardware wallet app into the market, app store, it should be officially available on the website only, no Playstore, no Apple store.

If they want this to be even more effective they should make hardware wallets that doesn't need apps to operate separately, if all hardware wallets can be operated in the device itself without the need of apps it will help alot, although this type of scam is users own mistakes, something that can be avoided if they truly understand the right way to operate and use a hardware wallet.

[Zaguru12]

Overconfidence may be the reason, as there is a false sense of security through the use of the Apple Store and Hardware wallet.
the targeted amounts seem larger than just downloading a random app on the Apple Store; they may be part of larger social attacks.

This is it, overconfidence about the whole thing, I could remember that in the past Apple Store doesn’t allows much of this recent applications been on their store without strict scrutiny and then it got praises but that is very the case for any of them now. The rule remains that you should simply go to the right source, verify file signature if it’s available. But most of the time people are too casual taking their wallet security serious.

Yes it’s a larger social engineering attacks that might have even included phishing attacks. Also one thing is all those reviews we see on an app are usually manipulated as it is mostly fake reviews which is done by a group of scammers themselves.

It’s not enough to just download a fake app. As I saw on another site, the problem is that those apps asked users to enter their private keys on their computers, and some unsuspecting people fell for the scam,

It’s definitely going to be a trick to reveal their keys, just downloading an application can not steal your keys directly from the wallet, the scam is you are asked to enter your recovery seed phrase or private key for recovery or asked to sign a phishing message. One thing people usually use to get carried away with.  This is a cold wallet it would never ask for keys on its live wallet app

[Peanutswar]

After with these recent issues with the App store of having a fake application which is submitted to their platform I guess the security and the approval of the Apple are getting weaken, before Im into Apple product because they are restricted when it comes with the release of an application to their paltform because of the security check they have been used to but right now ive seen not only this post but also into the other forum that there are people getting victim if downloading with this fake crypto wallets. Now one of my practices are into direct visiting their legit website and there is a shortcut most likely to their platform once you click the download it will re-direct you if its for android, ios or desktop. But still there is a risk possible visiting a wrong website but of course you will bookmarks the legit one.