Several users of Trezor, a small hardware device known as a cold storage crypto wallet, have been defrauded of $1 million worth of cryptocurrency by a fake app with the same name. The app appeared to be developed by SatoshiLabs, the actual creators of Trezor.
As The Washington Post reported, both the iOS and Android versions of the fake app have since been taken down by Apple and Google respectively.
Both fake Trezor apps were downloaded about 1,000 times, while the iOS app was available for at least two weeks from 22 January to 3 February.
The victims didn’t know there is no official Trezor app available from the company. The fake app effectively mimicked the name and visual style of the Trezor brand, and had 155 reviews with a high rating of close to 5 stars.
Once the victim buys crypto with their money, the app transfers the cryptocurrency to a wallet owned by the app’s creator. It is very similar to what a legitimate app would be doing, thus it is hard to detect that something is wrong.
One of the victims, Phillipe Christodoulou, downloaded the fake Trezor iOS app so that he could check his cryptocurrency balance on his phone instead of plugging the Trezor device into his computer via USB. He lost 17.1 Bitcoins – at the time of writing, worth over $1 million USD.
This isn’t the first time that scammers have made fake Trezor apps. In January 2021, Trezor warned Android users of a malicious app posing as an official app for Trezor from SatoshiLabs.
Phillipe rightfully blamed Apple for publishing a fake app on the App Store which the company calls “the most trusted marketplace for apps.”
Both Google and Apple perform screening of apps before they’re published in stores, but these incidents show these screenings are not perfect.