A leading cryptocurrency wallet provider has warned customers that their private keys could be at risk if they fall victim to an app-based scam.
EOS RIO, which is based in Brazil, said that it had located a scam which imitated its own wallet app, “simplEOS”. The scam app is believed to have been offered on the Google Play Store.
Industry media articles said that it’s not currently known exactly how many people have been affected by the fake app.
In a statement shared on the official EOS RIO Twitter account, the organisation asked its customers to help alert others that the app was not safe to use.
“There is a fake SimplEOS app on Google Play! We’ve taken the security measures to take it down!”, the statement read.
“Please help us spread the word to avoid users from being hacked! The secure way to download your SimplEOS is on http://eosrio.io/simpleos or http://github.com/eosrio/simpleos.”
The account also tagged many other EOS accounts around the world.
EOS RIO also shared a screenshot of the scam alongside its tweets. The description for the fake app was very similar to the description of the authentic app, suggesting that the hackers had gone to great lengths to make it appear legitimate.
The authentic SimplEOS wallet is designed to be compatible with the EOS ecosystem only. According to its official website, however, it is designed to be used on a desktop computer – a significant difference to the fake app, as Google Play Store items are usually designed for either mobile phones or tablets only.
On the EOS RIO website, the security aspects of the real app are celebrated. “EOS Rio made SimplEOS with a security and transparency philosophy”, it reads.
App stores are unfortunately common victims of cryptocurrency fraud. Fake apps are common, and stories of crypto scams are often reported in the industry media.
Earlier this year, it was reported that a firm called Poloniex had been targeted by a large number of fake Google Play Store apps.
As part of these scams, hackers would set up the fake apps in such a way that trusting users would part with their login credentials, leading to their actual wallets being placed at risk.
One investigation, by industry media outlet We Live Security, found that the Poloniex scam saw around 500 downloads and installs before it was stopped.
“To successfully take over a Poloniex account using one of the malicious apps, the attackers first need to obtain credentials for the account”, the investigators said at the time.
“Afterwards, they need to gain access to the email account associated with the compromised Poloniex account to control notifications about unauthorized logins and transactions. Finally, the attackers need to make their app appear functional so as to lower any suspicion they might have raised in the process.”
While greater awareness of the issue of crypto wallet hacking is a good thing, it remains highly difficult for people in the crypto space to tackle the issue. App stores, however, have taken the lead by announcing that they will crack down on the problem.