What you need to know
- An iPhone customer lost $600,000 in Bitcoin after giving away his credentials to a scam app.
- Phillipe Christodoulou says Apple is to blame for allowing a fake app onto its App Store.
- Christodoulou is apparently not the first person to lose money to 'Trezor'.
An iPhone customer by the name of Phillipe Christodoulou lost $600,000 worth of Bitcoin to a scam app called Trezor and says Apple should be held accountable.
From The Washington Post:
Phillipe Christodoulou wanted to check his bitcoin balance last month, so he searched the App Store on his iPhone for "Trezor," the maker of a small hardware device he uses to store his cryptocurrency. Up popped the company's padlock logo set against a bright green background. The app was rated close to five stars. He downloaded it and typed in his credentials.
In less than a second, nearly all of his life savings — 17.1 bitcoin worth $600,000 at the time — was gone. The app was a fake, designed to trick people into thinking it was a legitimate app.
The report says that Christodoulou is "angrier at Apple" than the thieves who stole from him, sayings that Apple markets the App Store as a safe and trusted place, reportedly stating "They betrayed the trust that I had in them. Apple doesn't deserve to get away with this."
A spokesperson for Apple told the Post "User trust is at the foundation of why we created the App Store, and we have only deepened that commitment in the years since. Study after study has shown that the App Store is the most secure app marketplace in the world, and we are constantly at work to maintain that standard and to further strengthen the App Store's protections. In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future."
Unfortunately, it seems that other people have also fallen for the 'Trezor' app in the App Store, with UK company Coinfirm stating five people have reported having cryptocurrency stolen to the tune of $1.6 million. All of this, despite the fact that Trezor doesn't actually seem to have an official iOS app, and makes no mention of one anywhere on its website. Trezor suite consists of a Windows, macOS, and Linux desktop application, and there is also an Android version of the Suite on the way, but apps don't seem to have been released on either this or iOS. As the report states:
Trezor, based in the Czech Republic and owned by a company called Satoshi Labs, is a well-known maker of hardware wallets. Trezor doesn't have a mobile app, but crypto thieves created a fake one and put it on Apple's App Store in January and the Google Play Store in December, according to those companies, tricking some unsuspecting Trezor customers into entering their seed phrases.
The report notes the app might have got through the App Store review process by posing as a "cryptography" app for encrypting files and storing passwords, before changing itself into a cryptocurrency wallet without alerting Apple. Amongst many fake five-star reviews, there were also reported complaints of people who had been scammed by the app in the same way.
The report cites an engineer from Georgia who lost about $14,000 worth of Bitcoin to the fake Trezor app. James Fajcz also says Apple is responsible:
Fajcz said he called Apple's support line. An Apple representative said the company was not responsible, Fajcz says. "This was a trusted app on the App Store claiming to be the best and most trusted app store on any system anywhere," he said. "And this nefarious app gets on the platform? I feel Apple should be held partially or fully responsible for that."