FBI issues public warning over fake crypto apps

Fake crypto apps appear to be part of an ongoing game of whack-a-mole with app store operators.

The United States Federal Bureau of Investigation (FBI) has issued a public warning about fraudulent cryptocurrency applications, which have swindled U.S. investors out of an estimated $42.7 million so far. 

According to an advisory published on Monday by the securities and intelligence agency, cybercriminals have created apps using the same logos and identifying information as legitimate crypto companies to defraud investors. The FBI noted that 244 people had already fallen victim to these fake apps.

One case saw cyber criminals convincing victims to download an app that used the same logo as an actual U.S. financial institution, encouraging them to deposit cryptocurrency into wallets purportedly related to their accounts.

When victims attempted to withdraw from the app, they would be asked to pay taxes on their withdrawals. However, this was just another ruse to part more funds from victims, as even if they made the payments, the withdrawals would continue to be unavailable.

Around $3.7 million was defrauded from 28 victims between December 2021 and May 2022, said the FBI.

Another similar operation saw cybercriminals operating under the company name “YiBit,” defrauding at least four victims of around $5.5 million between October 2021 and May 2022, using a similar method of deceit.

A third case involved criminals operating under the name “Supay” in November 2021. They defrauded two victims by encouraging them to deposit cryptocurrency into their wallets on the app, which would then be frozen unless more funds were deposited.

Warnings about fraudulent apps have also made the rounds on Crypto Twitter.

One user said a friend recently fell victim to a scam that started on the online messenger service WhatsApp, which encouraged the victim to download a fake crypto app and load funds into the app’s wallet. A week later, the crypto app vanished.

Don't get scammed. I recently had a friend fall for a #WhatsApp scam where they had her download a fake #crypto app, put some money in, and about a week later the app is gone and is NOWHERE to be found. Luckily she didn't follow "instructions" and add more.

— Sarvasatvānanda (Aaron) (@crypto_or_die) July 17, 2022

Another user says they have fallen victim to a fake Ledger Live crypto wallet app, reportedly called “Ledger Live Plus,” in the Microsoft app store. The user claims the fraudulent app has already stolen $20,000 from him. 

Earlier this year, cybersecurity firm ESET uncovered a “sophisticated scheme” that would distribute Trojan applications disguised as popular cryptocurrency wallets. These applications would then attempt to steal crypto assets from their victims. 

Related: More than $4.7M stolen in Uniswap fake token phishing attack

Last year, a scam cryptocurrency app dressed up as a mobile Trezor app on Apple’s App Store reportedly led to one user losing $600,000 in Bitcoin (BTC) at the time.

A report from the United States Federal Trade Commission (FTC) in June 2022 found that as much as $1 billion in crypto has been lost to scammers since 2021, with nearly half of all crypto-related scams originating from social media platforms.

The FBI has recommended crypto investors be wary of unsolicited requests to download investment apps, verify an app (and the company) is legitimate, and treat apps with limited and/or broken functionality “with skepticism.”