26 Fake Crypto Wallet Apps On Apple's App Store Stole User Secrets
By 813 Staff
Industry analysts are weighing in after The Hacker News (@TheHackersNews) reported, within the last 24 hours, that 26 fake crypto wallet apps on Apple's App Store stole user secrets.
Source: https://x.com/TheHackersNews/status/2047644932580818945
The Hacker News (@TheHackersNews) reported on April 24 that 26 fraudulent wallet applications on Apple’s App Store successfully stole users’ recovery phrases, compromising the security of what appeared to be legitimate cryptocurrency management tools. According to internal documents reviewed by security researchers, the apps were designed to mimic popular wallet interfaces, tricking users into entering their 12- or 24-word seed phrases. Engineers close to the project say that the malware operated by intercepting clipboard data and text input fields, then exfiltrating the phrases to remote servers controlled by the attackers. The rollout has been anything but smooth for Apple’s review team, as the malicious apps were live for an unspecified period before discovery, likely accumulating thousands of downloads from unsuspecting iPhone and iPad users.
The fake wallets were distributed across multiple categories, some masquerading as utility tools rather than directly as crypto wallets, which may have helped them evade initial screening. The Hacker News noted that the stolen recovery phrases gave the attackers full control over the associated blockchain wallets, enabling them to drain funds without further user action. This incident highlights a persistent vulnerability in Apple’s otherwise strict app review process: the platform’s inability to reliably detect social engineering tactics and subtle code obfuscation at scale. For the average user, the consequence is clear: downloading any wallet app without cross-checking developer history, download counts, and independent security audits can lead to total loss of holdings, which is generally irreversible on decentralized networks.
Apple has since removed the offending applications from its store, but specific details about how the apps passed initial validation remain under wraps. Security analysts caution that the attackers may have used a delayed payload mechanism, where the malicious behavior only activated after the app was approved and downloaded. What happens next is uncertain. Apple has not issued a public timeline for an internal review of its vetting processes, and the company has not confirmed whether it will notify affected users via its standard security alert system. The incident serves as a fresh reminder that even curated marketplaces are not immune to targeted supply-chain attacks, and that wallet security ultimately rests on user vigilance and hardware-based cold storage solutions.

