Many of us find our way to Bitcoin with the idea that we’re going to make some money in this market, and without a doubt, there have been many success stories of people becoming Bitcoin millionaires. These stories only fuel the fire, and when investors are solely focused on making money or getting into Bitcoin as a trade, they often discount learning about the asset, how it works and how to use it safely.
For most of us, the first engagement with Bitcoin will be with a KYC exchange; these custodians allow you to trade in and out of Bitcoin using their service but hold all the funds on your behalf. While this might sound like the easiest way to get exposure to Bitcoin, it is not without its risks.
There have also been many Bitcoin fortunes lost, squandered or stolen due to leaving funds on these large honey pots called centralised exchanges. Leaving your Bitcoin with a custodian does not have the best track record, with exchanges like Mt Gox, Quadriga CX, FTX and fintech apps like BlockFi and Celsius Network providing you with all the evidence you need as to the risks.
Users who do not wish to fall victim to possible custodian insolvencies should take ownership of their funds using a hot wallet or, better yet, a cold storage signing device. Hot wallets are, without a doubt, the easiest step toward self-custody, involving downloading software onto an existing device like a laptop or smartphone and generating a set of private keys.
These wallets can hold any amount of Bitcoin, and no wallet will tell you you’re overexposed; this is a decision you must make for yourself. The fact that Bitcoin is digital makes it so easy to move large amounts of wealth into these digital wallets, but you should never keep all your funds in one place.
If those keys are lost or exposed, or the software is compromised, your funds could disappear in the blink of an eye. When downloading a wallet, you also trust that the software vendor has vetted the technology if you cannot.
Hackers rely on this trust and lurk in the shadows of app stores, publishing counterfeit wallets – digital wolves in sheep’s clothing waiting to devour your precious Bitcoin. These fake apps often mimic popular brands or use generic terms to catch the uninitiated. So, how do you spot these wolves and keep your crypto safe? Buckle up because we’re about to dive deep into the dark side of wallet downloads.
Why the fake wallet frenzy?
Bitcoin is not a company; there is no legal team to sit around flagging people who use Bitcoin logos or the term Bitcoin on their products and removing them from the market. Instead, as the user, you need to do due diligence on every piece of software or hardware you use because if you make a mistake, it is bye-bye Bitcoin, hello darkness, my old friend.
Bitcoin is open-source software and a protocol that anyone can build on. Those who want to build a thriving business and brand with positive sentiment will create products that solve users’ problems, reduce bad experiences and improve security.
Those in it for a quick buck are happy to spin up a shoddy product with multiple backdoors in it to try and secure Bitcoin by hook or crook.
As Bitcoin grows, it reaches outside its core tech-competent user base, and casual participants are entering without taking the proper steps to educate themselves before putting money into the network, making them the ideal target for scams.
Scammers love two things: Easy money and gullible victims.
Fake Bitcoin wallets represent a jackpot for both. They look, feel and work just like any other software wallet; they can generate keys, and they can hold the keys to your digital vault, but with one caveat: you’re not the only one with access to the vault. These apps house backdoors allowing the issuer of the fake wallet to extract your keys to a remote server and then sweep your wallet to a Bitcoin address of their own.
Hackers will typically launch these wallets in popular device app stores and wait a few days, weeks, or even months to build up a large enough user base, so once they start sweeping funds and the news breaks, they’ve already collected a large amount of money.
The deceptive disguise
The average user of a device tends to trust the app store, having always had a good experience, as Microsoft, Google, and Apple spend considerable amounts of resources to keep their walled garden clean. This trust lulls users into a false sense of security, thinking every app listed on these app stores has been checked and vetted, but some will slip through the cracks while others first need to harm users before they are banned.
Today, many users trust app store listings over using search or websites to source and download software, and scammers know this and actively look to exploit this behaviour.
Fake wallets come in a range of gimmicks. Some use generic names like Bitcoin Wallet, Free Bitcoin Wallet, and Safe Bitcoin Wallet, on the idea that users who head to an app store without knowing what to look for in a wallet will search for exact-match terms rather than a popular wallet name.
These fake wallets are aimed at novice users who are looking for self-custody or just need an interface with Bitcoin rails and often are of very poor quality in terms of design because they’re not intended to have a long life span, so why put in the effort?
While the generic-term fake wallet targets one subset of the app store marketplace traffic, another trend from these scammers is mimicking popular wallets. These fake wallets capitalise on brand trust, luring users into a false sense of security and leveraging brand-term searches for these wallets.
It’s also a bonus if the authentic app does not support mobile, because the fake app can then take the top rankings; likewise, a wallet that is only available for Android may get a fake iOS version, or vice versa.
The app looks like the real thing, with a similar logo and a similar name. They, however, describe themselves as an ‘Expense and Budget Manager’ and even include a couple of disclaimers stating they are not a ‘Cryptocurrency wallet.’ Popular wallets that have been targeted with fake versions include Electrum wallet, Samourai wallet, Jaxx wallet, Trezor and even Ledger wallet.
These counterfeit wallets come dressed to impress. They might copy logos and interfaces and even have fake user reviews to try to trick the app store and users. They might even offer enticing features like “higher returns” or “faster transactions” – classic bait for the crypto-hungry.
So, how do you avoid falling victim to a fake Bitcoin wallet?
App stores do not always know to flag wallets before they cause damage and often rely on users to report the app before they do anything. Users often need to download the apps first before they can review them on the app store, which makes it even harder for reports to come through from those who aren’t victims of the fake wallet but see it as an obvious scam.
If you are new to Bitcoin and your scam detectors have not yet been properly calibrated, here are some red flags to watch out for:
Downloading wallets from app stores outside Google Play or Apple App Store requires a little extra homework on your part; you should first check the publisher of the app and also see if their website references the listing you are currently ready to download.
Stick to the official channels: if you feel unsure about a listing, ask around in the wallet provider’s Discord or Telegram, or email them, before you download the app.
Legit wallets have websites and information about their developers. If you can’t find that, walk away.
Be wary of wallets requesting unnecessary access to your contacts, phone calls, keys or other sensitive data. Legitimate wallets don’t need this, and you could be signing your own death warrant, either with access to your Bitcoin or private data that can be used to access your exchange accounts.
Grammatical errors or poor design
Scammers aren’t keen on putting too much effort into their scam, so check listings and review the app before you insert any keys. Legitimate apps usually have professional interfaces and error-free content. Be wary of apps with typos or clunky designs; they’re often telltale signs of a bad copy-paste job.
Check the wallet version and PGP keys
Check the wallet’s official website or GitHub for the latest version number and, if possible, locate the PGP public key of the software developer or project. It’s typically found on their official website, forums, or reputable key servers. Then cross-reference that with the app listing or the app you’ve downloaded to ensure you have a reputable version of the software.
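The PGP check described above, sketched as an added example (not from the original article or any wallet project): a POSIX shell function that reads GnuPG’s machine-readable `--status-fd` output and accepts a downloaded release only if the signature is valid and was made by the fingerprint you copied from the official site. The fingerprints, key names and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. PINNED is a constructed placeholder; in practice, copy the
# release-key fingerprint from the wallet's official website.
PINNED="0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

# Drop spaces and upper-case so pasted fingerprints compare reliably.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'; }

# Reads gpg status lines on stdin and prints a verdict. Returns 0 only for
# a valid signature made by the pinned key. Real use (placeholder names):
#   gpg --status-fd 1 --verify wallet.tar.gz.asc wallet.tar.gz 2>/dev/null \
#     | check_sig_status "$PINNED"
check_sig_status() (
  want=$(norm_fpr "$1")
  verdict="NO_SIGNATURE"
  while read -r prefix tag first rest || [ -n "$prefix" ]; do
    [ "$prefix" = "[GNUPG:]" ] || continue
    case "$tag" in
      BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
        verdict="REJECT_$tag"; break ;;
      VALIDSIG)
        # The last field is the primary-key fingerprint; the first may be
        # a signing subkey, so compare the primary against the pin.
        primary=${rest##* }
        [ -n "$primary" ] || primary=$first
        if [ "$(norm_fpr "$primary")" = "$want" ]; then
          verdict="TRUSTED"
        else
          verdict="WRONG_KEY"; break
        fi ;;
    esac
  done
  echo "$verdict"
  [ "$verdict" = "TRUSTED" ]
)

# Constructed status output: the signature itself is good, but it was made
# with someone else's key, so gpg alone would still say "Good signature".
IMPOSTOR='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Wallet Releases <dev@wallet.example>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2024-01-15 1705312800 0 4 0 1 10 00 1111111111111111111111111111111111111111'
printf '%s\n' "$IMPOSTOR" | check_sig_status "$PINNED" || true
```

The sample prints `WRONG_KEY`: a valid signature only proves who signed the file, so the fingerprint has to match the one published through the wallet’s official channels.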
Beyond the app store
While a legitimate software wallet can help you store and secure your funds, it is not foolproof, and as you grow more comfortable with the software, consider upgrading your security over time.
- Hardware wallets: These physical devices store your private keys offline, offering enhanced security by keeping your keys off an internet-connected device.
- Multiple wallets: Instead of trusting one supplier, you can download multiple wallets with their own keys and keep funds on these different wallets instead, so if one is compromised or lost, you don’t lose all of your funds.
- Multi-sig wallets: This is a much more complex Bitcoin wallet which requires you to create multiple keys that must sign before funds are moved.
Remember, there are no bailouts in Bitcoin.
Your Bitcoin is your responsibility. Don’t be tempted by flashy promises or familiar logos; trust no one, not the app store and definitely not the publisher of any app. Do your research, choose trusted wallets with a solid track record, check that you’re getting them from an authentic source before you start to generate keys, and store your keys securely.
The Bitcoin world might be thrilling, but staying vigilant is paramount to securing your digital fortune.
Do your own research.
If you want to learn more about fake Bitcoin wallets, use this article as a jumping-off point and don’t trust what we say as the final say. Take the time to research, check out their official resources below or review other articles and videos tackling the topic.
- Jan 2024 – https://nitter.net/oscpacey/status/1723758796806263043
- May 2018 – Fake Electrum blames real Electrum for ‘ruining its reputation’ — pulls exit scam
- March 2021 – Electrum Imposter Shuts Down Website after Being Exposed as ‘Bitcoin-Stealing Malware’
- June 2023 – Fake Jaxx Liberty App: How Scams Masquerade as Authentic Wallets in the iOS App Store
- June 2023 – There’s a Fake Trezor Wallet in the Apple App Store Draining Crypto
- Nov 2023 – Hackers Pinch Nearly $1 Million in Crypto Via Fake Ledger App on Microsoft App Store