
MacRumors

macrumors bot
Original poster
Apr 12, 2001
57,453
20,292


A scam bitcoin app that was designed to look like a genuine app was accepted by Apple's App Store review team and ended up costing iPhone user Phillipe Christodoulou 17.1 bitcoin, or upwards of $600,000 at the time of the theft, reports The Washington Post.

Christodoulou wanted to check on his bitcoin balance back in February, and searched Apple's App Store for "Trezor," the company that makes the hardware device where he stored his cryptocurrency. He saw an app with the Trezor padlock logo and a green background, so he downloaded it and entered his credentials.

Unfortunately, the app was fake, and was designed to look like a legitimate app to fool bitcoin owners. Christodoulou had his total bitcoin balance stolen from him, and he's angry with Apple. "Apple doesn't deserve to get away with this," he told The Washington Post.

Apple reviews all App Store app submissions to prevent scam apps from being downloaded by iPhone users, but there are plenty of scam and copycat apps like the fake Trezor app that slip by and have major consequences for iPhone users.

Apple says the fake Trezor app got through the App Store through "a bait-and-switch." It was called Trezor and used the Trezor logo and colors, but said that it was a "cryptography" app that would encrypt iPhone files and store passwords. The developer of the fake app told Apple that it was "not involved in any cryptocurrency." After the fake Trezor app was submitted, it changed itself into a cryptocurrency wallet, which Apple was not able to detect.

Meghan DiMuzio, the executive director for the Coalition of App Fairness that counts anti-Apple companies like Epic Games as a member, said that Apple "pushes myths about user privacy and security as a shield against its anti-competitive App Store practices." She said that Apple's security standards are "inconsistently applied across apps" and "only enforced when it benefits Apple."

Apple spokesperson Fred Sainz told The Washington Post that Apple takes swift action when criminals defraud iPhone users.

"User trust is at the foundation of why we created the App Store, and we have only deepened that commitment in the years since. Study after study has shown that the App Store is the most secure app marketplace in the world, and we are constantly at work to maintain that standard and to further strengthen the App Store's protections. In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future."

Apple declined to comment on how often scam apps are found, nor how often they're removed from the App Store. The company did, however, say that 6,500 apps were removed last year for "hidden or undocumented features."

Apple acknowledged that it has discovered other cryptocurrency scams on the App Store, but did not provide specific details on numbers nor whether there had been fake Trezor apps in the past. Trezor does not offer an iOS app at all, and a Trezor spokesperson said that it had been notifying Apple and Google about fake Trezor apps "for years."

Apple would not provide The Washington Post with the name of the developer of the fake Trezor app, whether that developer had other apps in the App Store under other names, nor would Apple say whether the name was turned over to law enforcement officials. Apple says that it removed the fake Trezor app and banned the developer after the actual Trezor company reported it. Another fake app popped up two days later, and Apple removed that, too.

UK-based cryptocurrency regulation company Coinbase said that it has received over 7,000 inquiries about stolen crypto assets since 2019, and fake apps found in the Google Play and App Store are common complaints. In fact, five people have had cryptocurrency stolen by the fake Trezor app on iOS, with losses totaling $1.6 million.

Data from Sensor Tower suggests that the fake Trezor app was on the App Store from January 22 to February 3, and was downloaded approximately 1,000 times. The 17.1 bitcoin that Christodoulou lost are worth close to $1 million today, and Christodoulou says that he's heard nothing from Apple on the subject.

Another iPhone user who lost $14,000 worth of Ethereum and bitcoin said that an Apple representative told him Apple was not responsible for the loss from the fake Trezor app.

Article Link: Bitcoin Scam App Approved by Apple Robs iPhone User of $600,000+
 

zorinlynx

macrumors 604
May 31, 2007
7,352
14,193
Florida, USA
Real banks and financial institutions have protections in place to reduce the occurrence of these scams, or at the very least give a hope of getting the money back. With cryptocurrency there is no such hope.

This is another example of why cryptocurrency is a bad thing, on top of being bad for the environment.

EDIT: I love how this reply is exactly as controversial as I expected it to be. :)
 

I7guy

macrumors Penryn
Nov 30, 2013
29,568
18,095
Gotta be in it to win it
Wait. I thought the wallet garden app store was supposed to protect people from this, and that's why we don't have other app stores or allow people to download apps from websites. ?
Agree. Now can you imagine the chaos if Apple can't catch everything and multiple app stores are out there with fake apps? Apple will take a rap for something they have no control over. This is why this "apple is a monopoly" thing has to go away.
 

macintoshmac

Suspended
May 13, 2010
6,090
6,979
Epic is going to love this. Whatever happened to reviewing and App Store experience and safety and all that? That’s a lot of money lost. This guy should do everything to get it back and more for the hassle and for the lapse of said security and safety promise by Apple. Accountability is accountability, as is user stupidity.
 

WiseAJ

macrumors 65816
Sep 8, 2009
1,183
3,831
PDX
Yeah, not sure how an open app store or alternate app store would have prevented this. It would probably actually make it more commonplace.

It is ultimately the responsibility of the user to make sure that when entering critical credentials into any app that the app is truly from the legitimate source. Don't know what this guy expects to realistically get from Apple.
 

44267547

Cancelled
Jul 12, 2016
37,643
42,503
Bitcoin is over the 40 mark if I recall from last I checked, which makes sense given its popularity right now with cryptocurrency. I think Apple's vetting process is fairly efficient, but unfortunately, not every app isn’t immediately detected for fraud.
 