Scammer Bitcoin App Scales Apple Walled Garden To Rob iPhone User Of Over $600K
A fraudulent app in Apple's App Store enabled a scammer to swipe $600,000 worth of Bitcoin from an iPhone user, depleting him of his life savings that he hoped would salvage his dry cleaning business. It's an unfortunate situation that both serves as a cautionary cryptocurrency tale, and highlights a need for better vetting of mobile apps.
That latter part is an admittedly difficult task. There are nearly 2 million apps in the App Store, and new ones are being added all the time. There is a process developers have to go through. Even so, malicious apps sneak through, some of which contain malware, while others are designed to trick users into forking over their cryptocurrency details.
Sadly for Phillipe Christodoulou, who amassed 18.1 Bitcoin, almost all of it was stolen as a partial result of a fake app posing as Trezor, which makes hardware wallets for storing Bitcoin and other forms of cryptocurrency.
"It broke me. I'm still not recovered from it," Christodoulou told The Washington Post, adding that he is now on medication and speaking with a psychiatrist (presumably both as a result of losing his life savings in one gut-wrenching instant).
Trezor does not actually have an app. Christodoulou's big mistake was assuming it did, and upon searching for one in the App Store, he spotted one that was using the company's logo in its graphics. A five-star rating out of 155 reviews gave him further confidence that the app was legitimate. Had he read the reviews, however, he would have come across warnings from others who had been scammed.
The cold reality is, that part falls on Christodoulou. Anyone who has a significant amount of money invested in cryptocurrency should be ultra-cautious, and use an offline, hardware-based wallet.
At the same time, the situation raises the question of whether Apple bears any responsibility. Apple vetted the app, after all, and deemed it legitimate. According to Apple, this amounts to a bait and switch tactic—the app was approved as a cryptography app capable of encrypting files and storing passwords, but was later changed (against Apple's rules) into a fake cryptocurrency wallet.
Apparently Apple does not track these things directly, and instead is reliant on users to report these kinds of changes. It seems to us that Apple should have a better handle on that kind of thing, especially when it comes to cryptocurrency. In addition, a spokesperson for Trezor says they have been telling Apple and Google for years about fake apps masquerading as one of its own, to scam people. The representative described the process of reporting apps as "painful."
Somewhat fortunately for Christodoulou, he had a single Bitcoin stored in a service called BlockFi. The remaining 17.1 Bitcoins, however, are likely gone forever, having been scammed out of his grip. And while they were worth around $600,000 when the theft occurred, at the current price, 17.1 Bitcoins are valued at almost a million bucks.
The FBI is aware of the situation, but it's unclear what can actually be done about the theft. Here's hoping he somehow miraculously gets his Bitcoin back, or Apple decides to throw him a bone. The latter seems unlikely, though, because it sets a precedent, and potentially insinuates an admission of culpability that could be leveraged in lawsuits.