Fake WalletConnect App on Google Play Defrauds Users Out of $70K
The world of crypto is heating up once again. Scams have become so common that every day brings new dangers for users, affecting many individuals. That’s right! Boztech is here to inform you about another major scam, this time involving a fake WalletConnect crypto app on Google Play that stole not just a few dollars, but a staggering $70,000. Want to hear the whole story? Keep reading!
So what happened?
According to a recent article by Check Point Research (CPR), a deceptive app disguised as a legitimate crypto wallet tricked users into downloading it. CPR highlighted this issue on September 26, 2024.
A malicious app, initially disguised as a simple calculator, has been discovered on the Google Play Store and has compromised the funds of over 150 users. The app, known as “Mestox Calculator,” was first uploaded in March 2024 and later transformed into a WalletConnect application.
Despite its seemingly innocent appearance, the app contained a cryptocurrency drainer, known as MS Drainer. Once downloaded, unsuspecting users were redirected to a malicious backend where their funds were siphoned off.
Through a combination of fake reviews and consistent branding, the app managed to accumulate over 10,000 downloads, tricking many users into believing it was a legitimate tool as it was ranking in search engines. This incident shows the importance of exercising caution when downloading apps from official app stores and verifying their authenticity.
This technique enabled the app’s developers to bypass Google’s review process, as any verification would merely lead to the calculator interface. After installation, the deceptive app prompted users to link their crypto wallets and grant various permissions. Its creators then employed advanced draining techniques to initiate fraudulent transactions. Unaware users consented to these transactions, allowing the scammers to extract funds directly from their wallets.
Research from Check Point indicates that the malicious app operates akin to conventional cryptocurrency theft, tricking users into authorizing transactions that permit the attacker’s address to access the maximum amount of specified assets.
Subsequently, tokens from victims’ wallets were transferred to different wallets which were controlled by the attackers. If the victims failed to revoke the withdrawal permissions, the scammers could continue draining digital assets whenever they became available.
Check Point also identified another malicious app named “Walletconnect | Web3Inbox,” which appeared on the Google Play Store in February 2024, accumulating over 5,000 downloads. This incident shows the increasing sophistication of cybercriminal strategies, particularly within decentralized finance, where users often depend on third-party tools for managing their digital assets.
Instead of relying on traditional methods like keylogging, the malicious app utilized smart contracts and deep links to stealthily drain assets once users were deceived into engaging with it. WalletConnect has cautioned users that there is no official WalletConnect app and emphasized the importance of remaining vigilant against such scams, even as they strive to prevent similar incidents in the future.
Recently, WalletConnect alerted crypto users about the fraudulent app on the Google Play Store. In a post on X on September 29, the organization announced that the app had been removed, but not before it reportedly swindled users out of over $70,000 in cryptocurrency. This event emphasizes the persistent dangers posed by malicious applications targeting the crypto community.
This situation highlights the importance of being cautious in the crypto world and warns users not to trust any wallet, as scams can lead to dramatic losses, sometimes thousands or even millions. This isn’t the first time such incidents have occurred, emphasizing the need for users to remain vigilant and conduct thorough research.
Tips to avoid fake wallets
But don’t worry! Boztech is here with some key pointers to help you protect yourself from fake wallets, especially in light of incidents like those involving WalletConnect:
- Always download wallets from official websites or trusted app stores. Avoid third-party links.
- Check for the correct domain names to verify URLs. Phishing sites often mimic legitimate ones with slight alterations.
- Enable Two-Factor authentication to add an extra layer of security.
- Research wallet apps and read user reviews to identify any red flags or reported scams.
- Prefer wallets that are open source, as they can be audited for security vulnerabilities.
- Avoid clicking on unsolicited links in emails or social media. Always type URLs directly into your browser.
- Regularly check your wallet’s transaction history for any unauthorized activity.
- Always keep your wallet software updated to protect against known vulnerabilities. For significant amounts of cryptocurrency, consider using hardware wallets for enhanced security.
- Stay informed about common scams and phishing tactics used by fraudsters. Trust your instinct, if something feels off, do not proceed.
By following these tips, you can significantly reduce the risk of falling victim to fake wallets.
At Boztech, we are always here to advise you on what’s best. Don’t let this happen to you! Stay aware and use our services to keep your crypto trades safe and secure.
What do you think about this scam? It went on for several months. Have you ever faced a similar scam? Comment below and let us know!
Follow Boztech for more updates!
