This is not good. Regardless of the app or purpose, the whole point of App store is meant to be security and garden walled approach. 30% commission and we still get scammers? Not good for customers at all
And Apple is supposed to verify that every one of the billion apps that is submitted each year is free of any copyright, patent, or trademark infringement?

please.
 
Apple certainly needs to do something about the tons of crap like this in the App Store. However if I’m dealing with that kind of money, I’m not going to go randomly download an app and not verify that it is 100% legit and then proceed to give it my password.
 
Sorry, I know this will probably get me some hate for saying, but the guy downloading the app should take some responsibility here. If you’re dealing with $600k in crypto, then you should be extremely careful when you’re logging your credentials in on a website or app. I guarantee you that he just blindly clicked download without looking at the lack of positive reviews or even thinking twice. This isn’t the fault of the security of Bitcoin or any other crypto. This is the shared fault of Apple and the careless guy who recklessly entered credentials on a scam app.

Bitcoin in and of itself is extremely secure in that scam transactions are near impossible. It also has a limited number of coins that can ever be in existence (unlike the US dollar) so inflation is a non-issue. Governments will of course try to scare individuals off of crypto because the more that people buy it, the less that people trust in and hold the US dollar. Since the very beginning of this covid thing, the US money supply increased 25% through all these stimulus packages Congress passed. In my opinion, that is cause for significant concern about the strength of the US dollar.

Sorry if that’s a bit off topic but it grinds my gears to see people commenting saying Bitcoin or any other crypto is a scam because that’s just simply not the case. For those of you saying that, I have one simple request: research it! Spend the next few days actually learning about cryptocurrency before labeling it a scam. Once you learn more about it, I’m sure you’ll realize the actual value that cryptocurrencies like Bitcoin hold.
 
And Apple is supposed to verify that every one of the billion apps that is submitted each year is free of any copyright, patent, or trademark infringement?

please.
then they shouldn't take 30%! 30% for payment processing and hosting files lol, nice. the only reason they can get away with this is because they have the market power to do so, and we in USA do not like that and it's why we have antitrust laws
 
Apple vets apps in their store against harming your phone and its contents. If I respond to a post asking for my banking username and password on Twitter using my iPhone and lose all my money, is the Twitter app a scam?

Why not go to the site for the company and follow their link to an app (if it exists)?

I'll still take the walled garden and my own common sense as an optimal solution.
 
There's only so much time in a day. How are App Store employees supposed to vet apps and monitor approved social media apps for disfavored content?
That’s none of our business when Apple is charging a premium to both iPhone customers and app developers.
 
I was not too familiar with how the Trezor wallet works, so I went and looked it up. So there is no simple "passphrase" or online account that you could provide which would let someone gain access. To access or recover, you need the trezor hardware itself, connect to a PC (or android phone), enter the 12, 18, or 24 words depending on your setup that you are asked to write down during setup, and also a pincode you are supposed to memorize. Knowing this, you are ONLY EVER supposed to enter this information on the trezor itself and NOT on any other computer or phone etc.


"As Trezor warns, you should NEVER take a photo of your recovery seed, type the seed into a computer, save it in cloud storage or upload the seed on the internet."

This guy has no argument against Apple and is 100% his own fault... he should have known how to use the Trezor and if he entered in all his 24 word recovery keys and pincode into a fake app that imitated a trezor then that kinda defeats the purpose of the hardware wallet. Would have been better off printing out a wallet and keeping in a safe place.

Washington Post makes it sound like he just entered some password, but that was not the case... or entire story is BS.
 
I was not too familiar with how the Trezor wallet works, so I went and looked it up. So there is no "passphrase" or online account that you could provide which would let someone gain access. To access or recover, you need the trezor hardware itself, connect to a PC (or android phone), enter the 12, 18, or 24 words depending on your setup that you are asked to write down during setup, and also a pincode you are supposed to memorize. Knowing this, you are ONLY EVER supposed to enter this information on the trezor itself and NOT on any other computer or phone etc.


"As Trezor warns, you should NEVER take a photo of your recovery seed, type the seed into a computer, save it in cloud storage or upload the seed on the internet."

This guy has no argument against Apple and is 100% his own fault... he should have known how to use the Trezor and if he entered in all his 24 word recovery keys and pincode into a fake app that imitated a trezor then that kinda defeats the purpose of the hardware wallet. Would have been better off printing out a wallet and keeping in a safe place.

Washington Post makes it sound like he just entered some password, but that was not the case... or entire story is BS.
Yeah, it's a hardware wallet for experts or paranoid people, the cc equivalent of open-carrying a loaded and cocked AK with safety off. In a newb's hands, or maybe even in my hands, it's riskier than just using a software wallet. I have lots of BTC and still don't mess with a Trezor.
 
Apple could easily wire this man the $600k, but you gotta realize Apple is greedy, selfish, and doesn’t really care about their customers—it’s all about that bottom line.
 
It's clear that the vast majority of end users still don't seem to understand why Apple has the controls on the App Store that they do ...

1) The safeguards are there to ensure the vast majority of "crap apps" and apps that don't appear to be what they are, do in fact get blocked and denied by Apple. The methods are various. No official stats but one can be assured it's thousands of apps a month.

2) if you compare the apps on Google Play with those on Apple's App Store, you will find at least 80% higher quality applications on the Apple App Store, with credentials and validations to match. They work, and have legit support behind them.

3) No one system is perfect. As I read in an earlier post, if you don't do the work to ensure that you are giving your login credentials over to just "anyone" and it involves your personal information, or finances, etc..... then you really need to rethink your own personal security protocol when using apps and websites online

4) end user agreements are in place for a reason. It protects the designer from any misuse to ensure lawsuits don't go out for just anything based on personal losses. If you don't "read the EUA" and just click "accept" then chances are you are not really fully understanding the terms by which that software is used and what to do when something unlawful occurs

5) crypto-currency is "fake" currency.... it's not backed by any one nation, or standard. There are no Gold or Silver bars at the world bank to back every cent of crypto-currency mined..... there isn't any institution in the EU or USA that had any means to financially back any of the transactions that occur with such currency.... and it's frankly all based on "hyper speculation" - meaning it's become more a "collectors" realm vs a real viable means of conducting business day to day. If crypto-currency were in fact a great idea, I would think more worldly nations would be leaning toward it. Just because an eccentric billionaire purchases a butt load of such currency doesn't make it a sure thing. (But I still hold mad props to Elon for his boldness). And when the value of the currency begins to rocket downward and "crypto-investors" attempt to sell their coins off in an effort to maintain their "financial health" I'm pretty sure the crypto-exchanges out there won't have any means to "cash out" into real useable dollars.

nothing is a guarantee. Apple does what they can to protect themselves and their end users. If you don't believe that's the case, then slide on over to Android, and have some fun there.
Not how it works. When your arrogant CEO is making grand proclamations about why the monopoly is necessary, you live by the sword and die by it. Cook needs to shut his pie hole if he won’t stand by his App Store.
 
I googled for "Trezor", and according to their web site, the founders are named "Slush" and "Stick". That's it. No first nor last names. The whole thing, from the fake app to the hardware wallet company feels like one big scam. However, yeah, with all that app vetting that Apple does, they probably should have at least done some company or product name validation to make sure the Dev is actually associated with that company. This sucks!

How about the guy that made the decision to trust his $600K with two guys named Slush and Stick? Any responsibility to shoulder?
 


A scam bitcoin app that was designed to look like a genuine app was accepted by Apple's App Store review team and ended up costing iPhone user Phillipe Christodoulou 17.1 bitcoin, or upwards of $600,000 at the time of the theft, reports The Washington Post.


Christodoulou wanted to check on his bitcoin balance back in February, and searched Apple's App Store for "Trezor," the company that makes the hardware device where he stored his cryptocurrency. He saw an app with the Trezor padlock logo and a green background, so he downloaded it and entered his credentials.

Unfortunately, the app was fake, and was designed to look like a legitimate app to fool bitcoin owners. Christodoulou had his total bitcoin balance stolen from him, and he's angry with Apple. "Apple doesn't deserve to get away with this," he told The Washington Post.

Apple reviews all App Store app submissions to prevent scam apps from being downloaded by iPhone users, but there are plenty of scam and copycat apps like the fake Trezor app that slip by and have major consequences for iPhone users.

Apple says the fake Trezor app got through the App Store through "a bait-and-switch." It was called Trezor and used the Trezor logo and colors, but said that it was a "cryptography" app that would encrypt iPhone files and store passwords. The developer of the fake app told Apple that it was "not involved in any cryptocurrency." After the fake Trezor app was submitted, it changed itself into a cryptocurrency wallet, which Apple was not able to detect.

Meghan DiMuzio, the executive director for the Coalition of App Fairness that counts anti-Apple companies like Epic Games as a member, said that Apple "pushes myths about user privacy and security as a shield against its anti-competitive App Store practices." She said that Apple's security standards are "inconsistently applied across apps" and "only enforced when it benefits Apple."

Apple spokesperson Fred Sainz told The Washington Post that Apple takes swift action when criminals defraud iPhone users.

Apple declined to comment on how often scam apps are found, nor how often they're removed from the App Store. The company did, however, say that 6,500 apps were removed last year for "hidden or undocumented features."

Apple acknowledged that it has discovered other cryptocurrency scams on the App Store, but did not provide specific details on numbers nor whether there had been fake Trezor apps in the past. Trezor does not offer an iOS app at all, and a Trezor spokesperson said that it had been notifying Apple and Google about fake Trezor apps "for years."

Apple would not provide The Washington Post with the name of the developer of the fake Trezor app, whether that developer had other apps in the App Store under other names, nor would Apple say whether the name was turned over to law enforcement officials. Apple says that it removed the fake Trezor app and banned the developer after the actual Trezor company reported it. Another fake app popped up two days later, and Apple removed that, too.

UK-based cryptocurrency regulation company Coinbase said that it has received over 7,000 inquiries about stolen crypto assets since 2019, and fake apps found in the Google Play and App Store are common complaints. In fact, five people have had cryptocurrency stolen by the fake Trezor app on iOS, with losses totaling $1.6 million.

Data from Sensor Tower suggests that the fake Trezor app was on the App Store from January 22 to February 3, and was downloaded approximately 1,000 times. The 17.1 bitcoin that Christodoulou lost are worth close to $1 million today, and Christodoulou says that he's heard nothing from Apple on the subject.

Another iPhone user who lost $14,000 worth of Ethereum and bitcoin said that an Apple representative told him Apple was not responsible for the loss from the fake Trezor app.

Article Link: Bitcoin Scam App Approved by Apple Robs iPhone User of $600,000+
As with SS/bank accounts and other financial instruments: he didn't do his homework nor 'test' a downloaded app. Apple owes him nothing. He's just, as so many others, 'following the deep pockets'. Sorry for his loss but I've downloaded PayPal and other Fin apps...and tested with a single dollar. I find it hard to believe, what with all of the schemes involving bitcoin for the past few YEARS that he wasn't more cautious. Remember South Korea recently? Really. But.. get a Texas jury...who knows. Sky's the limit. MSM will blow this up because ....drum roll please...It's Apple! Note: not a fan-boy but grew up in a different gen where 'personal responsibility' was as given as the sky is blue. Lawyers should love this....just have to convince the courts that 'bit/ether' and the rest are 'real, US Gov. accepted and defined' currency. Good Luck. Sometimes, when you gamble, you lose. All of the 'e-currency' is gambling. Many seem to have forgotten the 'bigger fool/sucker' theory of making money.
 
I have no issue with Apple's walled garden, but what's the point of having one if this kind of stuff still makes it onto the App Store?
 
This is not good. Regardless of the app or purpose, the whole point of App store is meant to be security and garden walled approach. 30% commission and we still get scammers? Not good for customers at all
Airline Safety and Protocols are top notch. Yet...planes crash. Pharma is on the same level....people die from medications. Our legal system (outside of Texas) has got to stop rewarding people for the expectation of perfection. Doesn't exist.
 
This is yet another shortcoming of digital currencies. There is no nation to back them, hence no sovereign to insure against losses.
I'm ready to go 'old school' and start selling NFT 'Credit Default Swaps' from 2008-09. For those who understand and have greater than the proverbial 15min. memory.
 
It probably wouldn't have, but at least you won't have this false sense of security with Apple's app store and their claim that their walled garden is safer and better for users since they vet and approve all apps.
There’s no false sense of security. The only absolutely secure system is one which does not connect to the outside world. Once you connect to the Internet and authenticate with a third-party, there’s little or nothing Apple can do to protect someone from their own foolishness. It’s why you shouldn’t authenticate to your bank website at Starbucks unless you’re doing so over a VPN.
 