A fake cryptocurrency wallet application available on the Google Play Store has stolen around $70,000 in digital assets.
The malicious app, downloaded by 10,000 users, disguised itself as a WalletConnect-associated tool, preying on the confusion of users unfamiliar with how WalletConnect works.
Fake "WalletConnect" App on Google Play Exploits Users for Months, Drains Crypto Assets
WalletConnect is a protocol, not a standalone application, which connects wallets to decentralised applications (DApps). The fake app, titled "WalletConnect – Crypto Wallet," led users to believe it was required for managing crypto assets, tricking them into downloading it.
Check Point Research (CPR), a cybersecurity firm, identified that the fraudulent app had been present on Google Play for over five months before being discovered. The attackers exploited the confusion to drain assets from the victims’ wallets.
Sophisticated Crypto Scam Exploits WalletConnect Name to Deceive Over 150 Victims
According to CPR, the scam was highly sophisticated. Attackers used social engineering tactics to manipulate users into trusting the app, capitalising on the well-known WalletConnect name to add credibility to their scheme. CPR noted that the attackers avoided more obvious tactics like keyloggers, instead relying on smart contracts to drain crypto assets.
In their statement, CPR explained, “The attackers leveraged a combination of social engineering, technical manipulation, and clever exploitation of user confusion... deceiving over 150 victims.”
Concerns Raised Over Google Play's App Vetting Process Following Fraudulent WalletConnect App Discovery
Google Play’s failure to detect the fraudulent app for such an extended period raises concerns about the platform’s ability to safeguard users from malicious applications. Although the app has since been removed, its success highlights vulnerabilities in app store vetting processes.
While the fake app has been taken down, the damage is done, and over 150 users have lost significant sums of cryptocurrency. Platforms like Google Play need stricter monitoring to prevent similar attacks.