Phillipe Christodoulou lost 17.1 Bitcoin with a simple login. The momentous login was into an iPhone app from Apple’s App store that pretended to be the mobile front end of Trezor’s wallet providers.
Phillipe Christodoulou used to be a very satisfied Apple customer. Now, however, he is pissed off. A fake app from the official store is to blame for the fact that he lost 850,000 euros in Bitcoin at today’s exchange rate.
Always be sure that the service you use can be trusted, there are many BTC scams out there. If you are looking for a crypto debit card for example, make sure to read some reviews first and compare them. Same is true for bitcoin exchanges, always use reliable ones like Binance!
App store: not safe at all
Until now, he had thought it was simply impossible for something like this to happen, given the Californian iPhone manufacturer’s app store. His accusation: Apple has always marketed the App Store as a safe and trustworthy place where every app is checked before it is allowed into the store.
If that were the case, App Store employees would have had to identify the fake app that could have saved him a fortune in a split second, Christodoulou said. If Apple’s promise were worth anything, such an app could never have made it into the App Store. “They abused the trust I had in them,” the Washington Post quotes him as saying. Apple doesn’t deserve to get away with this, the angry Bitcoin hodler continues.
Trezor user thought to use manufacturer’s mobile front end
Phillipe Christodoulou’s story is quickly told. Christodoulou was looking for a way to check his Bitcoin account balance via smartphone. So he searched the app store on his iPhone for “Trezor,” the maker of a small hardware device he uses to store his cryptocurrency. Sure enough, Christodoulou found an authentic-looking app with typical Trezor branding. He quickly checked the ratings. Nearly five stars in the app store and a promise to send each app through a rigorous approval process made him feel confident.
That proved to be the biggest mistake of his life. Because after typing in his credentials, the situation quickly escalated. Christodoulou had fallen victim to a well-crafted scam.
Apple rejects responsibility, experts not surprised
Apple is concerned, but does not want to take responsibility. Trust is the basis of the App Store, confirms Apple spokesman Fred Sainz. Over the years, the company has steadily strengthened its commitment in this direction: “Study after study has shown that the App Store is the safest app marketplace in the world, and we are constantly working to maintain this standard and further strengthen the protection of the App Store. In the few cases where criminals defraud our users, we take swift action against these actors to prevent similar breaches in the future.”
So it’s no surprise that experts are coming to very different conclusions. They report that it is actually easy for fraudsters to circumvent Apple’s rules. The simplest method, they say, is to submit seemingly harmless apps for approval and then later turn them into phishing apps. This would not be a long-term strategy, as the apps would be quickly removed when the fraud was discovered. For some victims, however, it would then already be too late.
At best, this means Apple reacts when a child has fallen into the well and ensures that no other children fall into the same hole. This is a rather lax idea of security and trust.
Trezor app infiltrated under false flag
In the case of the fake Trezor app, the developers are said to have actually faked a false application purpose. For instance, the Trezor app was not supposed to have anything to do with cryptocurrencies. Rather, according to Apple’s review team, it was an app that promised users to securely encrypt the contents of their iPhones. Despite the obvious use of third-party logos and trademarks, Apple allowed the app to enter the App Store and later failed to notice the change in app purpose.
Only when Trezor itself pointed out the fake app to Apple did the company react and remove the app. The app then made it back into the App Store a few days later for unexplained reasons, where it was found and installed by Phillipe Christodoulou. The FBI is now investigating the incident. The number of people affected is still unclear, but it goes far beyond this individual case.