Fake Wallet App Steals $70K from 10,000 Google Play Users

In one of the most sophisticated scamming schemes, investigational findings have busted a fake wallet app on Google Play. Notably, renowned internet security firm Check Point Research (CPR) took it upon itself to draw unsuspecting users' attention to the fraudulent app.

The internet security firm identified the malicious application as WalletConnect. For context, readers should note that an authentic WalletConnect existed. However, the fake entity appeared on Google Play, attracting over 10,000 users who downloaded it. Before the fraudulent app’s removal from Google Play, it has succeeded in stealing an estimated $70,000 from unsuspecting victims.

Fake Wallet Developers Posed as Solutions Providers to Web3 Users' Challenges

 Aside from taking advantage of the absence of the original WalletConnect on Google Play, the scam perpetrators identified most Web3 users' problems and posed as solution harbingers.

Notedly, the culprits took advantage of the compatibility problems involved with linking WalletConnect across different wallets. Also, some fake positive reviews about the app made the scam more enticing.

As stated earlier in this insight, the CPR investigation spotlighted 10,000 downloads. However, further findings uncovered transactions linked to over 150 wallets. Hence, it establishes a more precise number of affected users.

Fake Wallet’s Exploitative Mechanism

After downloading and installing the fake wallet, the fraudulent application prompts users to connect their wallets to enjoy advanced Web3 and other trading features.

Having linked their wallet addresses to the fake wallet, triggering any transaction will redirect users to a malicious website. The fraudulent website steals victims' secured wallet security details, enabling it to exploit users via smart contracts.

With the information obtained, the malicious actors gain access to their victims' wallets and safe storage, eliciting unauthorized fund transfers. The particular scamming scheme has been going on for five months. However, only twenty negative reviews appeared on Google Play.

The scammers ensured they overshadowed the implicative comments with many fake positive reviews. Hence, the app's malicious acts remained unnoticed for almost five months until August. The fraudulent findings emerged following investigations. In response, Google Play removed the app, including its malicious components identified by the CPR, from the Android Play Store.

Disclaimer: This article is intended solely for informational purposes and should not be considered trading or investment advice. Nothing herein should be construed as financial, legal, or tax advice. Trading or investing in cryptocurrencies carries a considerable risk of financial loss. Always conduct due diligence before making any trading or investment decisions.

Subscribe to our Newsletter

Join our community and stay up-to-date with the latest news, updates, and exclusive offers by subscribing to our newsletter. Enter your email address below to receive our monthly newsletter directly to your inbox.

pop up image

Experience the Best of Online Payment with Crypto

UPay offers mainstream-friendly access to crypto. Easily buy, swap, make payouts, and manage funds using our crypto card. No cross-border fees.