Fake iOS app steals one million dollars in Bitcoins taking a victim's life savings
You have to feel bad for a man named Phillipe Christodoulou. Looking for a place to store Bitcoins he owned that were valued at $600,000 at the time, he installed an app called Trezor Wallet from the Apple App Store. According to Bitcoin.com, when Christodoulou opened the app looking to check his balance, he was stunned to discover that his 17.1 Bitcoins (now worth over $1 million) was gone.
As it turned out, Trezor, which manufacturers hardware cryptocurrency wallets, does not offer an iOS or Android app and had been complaining about the fake apps listed in the App Store and Play Store to no avail. Back in December, the company disseminated a tweet warning Android users that own a physical Trezor device that "This app is a scam and has no relation to SatoshiLabs and Trezor. We've already reported it to the Google team. Always confirm any action on your device and never type seed words until your Trezor asks you to." Google did remove the Android version of the app in December.
Seed words or a seed phrase is a list of words needed to recover Bitcoin funds "on-chain." Anyone who knows the words can take ownership of the user's Bitcoins so Trezor recommends that they must not be typed into a website and that seed words need to be guarded as fiercely as one would protect cash or jewels.
Google removed this fake Trezor Wallet app from the Google Play Store last month
While the bad actors that created the fake iOS and Android versions of the (non-existent) Trezor app stole $1 million in Bitcoins from Christodoulou, the victim is more upset with Apple. Once a loyal Apple customer, Christodoulou now says that Apple "betrayed the trust that I had in them. Apple doesn’t deserve to get away with this."
Apple spokesperson Fred Sainz says that "Study after study has shown that the App Store is the most secure app marketplace in the world." However, you won't get Meghan DiMuzio, executive director of the Coalition for App Fairness, to agree with the Apple spokesperson. DiMuzio, contradicting Sainz' statement, said, "Apple frequently pushes myths about user privacy and security as a shield against its anti-competitive App Store practices. The truth is, Apple’s security 'standards' are inconsistently applied across apps and only enforced when it benefits Apple."
The 17.1 Bitcoins that were stolen represented Christodoulou's life savings and right now there is no indication that he will be able to get that money back.