Fake crypto apps are a popular way for criminals to scam money, and a listing on Google Play or the Apple App Store does not guarantee an app is safe to use.
That’s the latest warning from the FBI to consumers, which notes that scammers are taking advantage of broad interest in crypto investing, combined with increasing comfort in smartphone-based banking, to lure victims into downloading fake crypto apps. Hackers are equal-opportunity victimizers, but the most sophisticated scams are targeted at investors looking to put down hundreds of thousands of dollars or more.
Fake crypto apps increase in complexity as dollar amounts grow
Some fake crypto apps survive as little as a day or two, happy to steal whatever money they can during that short window before they are flagged and detected. But others aim high and put up convincing false fronts for weeks or months at a time, all with the aim of attracting deep-pocketed investors.
One of the fake crypto apps that was well-documented by the FBI was a service called “YiBit.vip,” which was noteworthy in that it ran for months and limited its thefts to investors that deposited $100,000 or more. Everything else about the operation was designed to inspire confidence. Smaller investors were allowed to deposit and withdraw freely, and even made money from advice provided by the app. All of this was to gain the confidence of affluent investors, who would eventually be pressed by attractive “advisors” to deposit triple-digit amounts and make “real money.” YiBit scammers also hunted for likely targets on social media and messaged them about investing, going so far as to hire women to hold phone conversations with victims.
YiBit got away with over $5 million before it was shut down. In total, the FBI says that $42 million has been stolen by fake crypto apps since 2021. The more complicated of these apps almost always use a social engineering element to get away with stealing consumer funds, leveraging a relative lack of awareness of these approaches as compared to malware and other types of online fraud.
Theft via fake crypto apps has ramped up in past year
While the crypto market has spent most of 2022 cooling off, fake crypto apps are really beginning to take off. The FBI says that the period from October 2021 to present has been the most active thus far, and there have been over 240 victims during this time.
Most of the fake crypto apps are not as sophisticated as YiBit, but do inspire user trust by squirreling their way into legitimate app stores somehow. Apps designed to steal crypto have been found on the official Apple and Microsoft app stores recently. Criminals that try to list on app stores seem to be having the greatest success by pretending to be crypto-related brands that do not yet have an official app. This approach was taken in placing a fake Trezor crypto wallet app on the Apple App Store, which stole $1 million over a period of several days, and a fake Ledger Live app on the Microsoft store that was able to net $20,000 before being detected.