A phishing scam disguised as a legitimate wallet app has defrauded cryptocurrency users of a significant sum. The malicious app, which was available on the Google Play Store for four months, targeted unsuspecting users by posing as WalletConnect, a popular Web3 protocol.
Fake App on Google Play Resulted in $70,000 Loss
The fake app directed users to a fraudulent website where they were tricked into authorizing transactions, granting the scammers access to their cryptocurrency funds. Although the app was downloaded 10,000 times, only 150 individuals fell victim to the scam, according to a report by Check Point Research.
The real WalletConnect is a secure tool that enables communication between cryptocurrency wallets and decentralized applications (dApps) via QR codes. It allows users to approve transactions and interact with dApps without exposing their private keys.
Security experts are urging cryptocurrency users to exercise caution when downloading mobile applications. Michael McLaughlin, a cybersecurity and data privacy lawyer, stressed the importance of basic cybersecurity hygiene, including using multi-factor authentication and scrutinizing app reviews and histories.
“If you’re using a crypto trading platform, they offer multi-factor authentication even on their mobile applications. And you have to implement them,” McLaughlin advised. “If it has only three users and no stars, you’re not going to trust it.”
He also recommended checking for suspicious or sudden changes in an app’s history, such as a shift from a seemingly legitimate application to a cryptocurrency-related one.