$600 000 USD

MARCH 2021

GLOBAL

TREZOR

DESCRIPTION OF EVENTS

"The safe place for your coins." "Store your coins with Trezor." "Hardware wallet is the safest way to manage & trade your cryptocurrencies."

 

"Apple touts its store as “the world’s most trusted marketplace for apps.” Speaking to the Washington Post, a spokesperson for Apple explained that all apps undergo a rigorous review process—but acknowledged that there have been other cryptocurrency scams on the App Store." "Apple bills its App Store as “the world’s most trusted marketplace for apps,” where every submission is scanned and reviewed, ensuring they are safe, secure, useful and unique."

 

“User trust is at the foundation of why we created the App Store, and we have only deepened that commitment in the years since,” said Apple spokesperson Fred Sainz. “Study after study has shown that the App Store is the most secure app marketplace in the world, and we are constantly at work to maintain that standard and to further strengthen the App Store’s protections. In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future.”

 

"Per a report in The Washington Post, Trezor user Phillipe Christodoulou had stored his Bitcoin on a Trezor hardware wallet, and—wanting to check his balance—downloaded an app purporting to be from Trezor on the iOS App Store." "Phillipe Christodoulou wanted to check his bitcoin balance last month, so he searched the App Store on his iPhone for “Trezor,” the maker of a small hardware device he uses to store his cryptocurrency. Up popped the company’s padlock logo set against a bright green background. The app was rated close to five stars. He downloaded it and typed in his credentials."

 

"Although Trezor does not currently support Apple's iOS mobile operating system and does not have a mobile app, [an] app used the company's name and branding, and had a user rating of nearly five stars—making it appear trustworthy." "Up popped the company’s padlock logo set against a bright green background. The app was rated close to five stars." "[T]he Trezor app had 155 reviews on the App Store for a rating of close to five stars, according to App Figures, the analytics firm."

 

"In this specific instance, the fake Trezor app was initially presented in the “cryptography” category—as a solution for encrypting iPhone files and storing passwords—before it was changed by the developers into a crypto wallet app." "The thing is, Trezor — which manufactures very-secure hardware wallets — doesn’t actually have an app, so when the holder entered the seed recovery phrase for his wallet, he was unwittingly handing the keys to his bitcoin over to the peddlers of a fake application."

 

"After Christodoulou downloaded the app and entered his credentials, all of his crypto immediately disappeared." "In less than a second, nearly all of his life savings — 17.1 bitcoin worth $600,000 at the time — was gone. The app was a fake, designed to trick people into thinking it was a legitimate app." "A malicious smartphone app on Apple’s App Store, mimicking the name and visual style of Trezor hardware wallets, was used to steal 17.1 Bitcoin (BTC) from an unsuspecting user—worth $600,000 at the time."

 

"Only one of Christodoulou’s 18.1 bitcoin was spared because he transferred it to a bitcoin savings service called BlockFi. At the time of the theft, his 17.1 stolen bitcoin were worth $600,000, but they soon went up in value to $1 million."

 

"Christodoulou is angrier at Apple than at the thieves themselves: He says Apple marketed the App Store as a safe and trusted place, where each app is reviewed before it is allowed in the store."

 

"Christodoulou, once a loyal Apple customer, said he no longer admires the company." “They betrayed the trust that I had in them. Apple doesn’t deserve to get away with this,” Christodoulou said.

 

"[I]n fact, it’s easy for scammers to circumvent Apple’s rules, according to experts. Criminal app developers can break Apple’s rules by submitting seemingly innocuous apps for approval and then transforming them into phishing apps that trick people into giving up their information, according to Apple. When Apple finds out, it removes the apps and bans the developers, the company says. But it’s too late for the people who fell for the scam."

 

"That evening, Christodoulou went into the App Store again to look more closely at the reviews." "When Christodoulou opened up the written reviews, he read complaints from other people who had been scammed in the same way. The five-star ratings that helped make the app seem legitimate must have been fake, he concluded."

 

"The app that was used to scam Christodoulou was available on the App Store from at least January 22 to February 3 and was downloaded around 1,000 times."

 

"Christodoulou says he’s taking medication and seeing a psychiatrist." “It broke me. I’m still not recovered from it,” he said.

Trezor did now have any IPhone version of their application. A scammer created a fake IPhone Trezor application. This was downloaded and requested the sensistive information, presumably the seed phrase. Once provided, all balances on the wallet were stolen. The app has since been removed. It is unclear if any funds were recovered.

HOW COULD THIS HAVE BEEN PREVENTED?

There is no reason to ever enter a seed phrase into an application. All hardware wallets on the market establish that any phrase should be entered into the hardware wallet hardware itself.

 

Always check and visit the official website of a service. The majority of funds should be stored offline and not on a live wallet application. When setting up a new wallet or upgrading wallet software, never enter your pass phrase or send any funds without first transferring a smaller amount.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.