Bitcoin app accused of stealing $120,000 in another App Store failure [u]

Posted in iOS, edited March 11

Reports of another fake bitcoin wallet in the App Store are claiming that "Leather Wallet & Hiro Bitcoin" took over $120,000 in a single fraudulent transaction.

The App Store is meant to be safe from scam apps



Apple claims the EU is weakening App Store security, and executives including Craig Federighi stress that users are at risk if its review process is skipped by alternative app stores. But it appears that yet another scam app has made it through Apple's App Store review process.

Watch out. This scam wallet INSIDE Apple App Store stole 38,000 STX after importing. @muneeb please warn @Stacks community. https://t.co/gX0IC2ofiO

-- George Burke (@geoburke)



Financial app developer George Burke reports that the app, "Leather Wallet & Hiro Bitcoin," has stolen the equivalent of $121,448.22. Burke has provided a link to the transaction details, though it's not clear whether it's he or a client who was allegedly defrauded.

So far there are few other reports and responses to Burke's comment on X/Twitter, but one is from someone claiming that many people have been aware of the scam "for a while." There are also reports that Bitcoin developer Hiro -- fraudulently named in the app's title -- has contacted Apple.

According to its App Store listing, "Leather Wallet & Hiro Bitcoin" was added in late February. It is developed by a firm called Huynh Gia Hai Service Construction Trading One Member Company Limited.

The firm appears to have no other apps, and no online presence other than a privacy policy. That policy is required by Apple, but in this case the details are held on the third-party TermsFeed site.

Apple has now confirmed to AppleInsider that the app was on the App Store for approximately two weeks, but has now been removed. This is similar to how it reacted when it removed a different fake crypto app.

Updated: 11 March 2024 17:15 with Apple's response.




Comments

  • Reply 1 of 8
    hmurchison Posts: 12,436 member
    This is actually good news for Apple as the drive to force other app stores only magnifies these types of breaches. 
  • Reply 2 of 8
    CheeseFreeze Posts: 1,322 member
    Most of the security / safety that Apple promotes is psychological. It's branding. It's marketing.

    Set aside their notarisation processes (which is a great concept and really works!), the actual human review process is inefficient, prone to $$$ bias and Apple politics and human errors. Of the 30+ games and apps I deployed on iOS/iPadOS involving major media stakeholders, Apple sometimes just forgot to review our apps (staying in a queue for weeks), didn't communicate for days, rejected publication based on nonsensical reasons and misunderstandings, costing stakeholders thousands and thousands of dollars, especially when the app was tied to an important media announcement.
     
    I could design a game that passes Apple review, but after 50 days suddenly changes from a game into a pornographic content video player and Apple would *never* know about it as part of their review process. Yes, my account would be banned as soon as the first complaints roll in, but by then the damage is done.

    The truth is that Apple obviously cannot review every SKU on their store, even with a large team. 
    The primary reason for Apple to be the gate-keeper is not to protect the interests of its consumers, but themselves.
    Which is what companies do, not just Apple. 

    So, I'm looking forward to other parts of the world forcing Apple (and similar competitors) to open up their ecosystem and allow for side-loading and third-party stores. This IS in the best interest of its users.
  • Reply 3 of 8
    michelb76 Posts: 677 member
    hmurchison said:
        This is actually good news for Apple as the drive to force other app stores only magnifies these types of breaches.
    Maybe. Maybe other stores actually check the apps first.
  • Reply 4 of 8
    avon b7 Posts: 7,955 member
    hmurchison said:
        This is actually good news for Apple as the drive to force other app stores only magnifies these types of breaches.
    Let's not forget that opening platforms like iDevice systems to app store competition is there to stimulate choice. 

    Security and privacy are things that are covered by a lot of laws. They don't fall exclusively under one directive or another. 

    It is entirely possible that alternative app stores could provide better protection than Apple. It's possible they might not of course. 

    Absolute protection is impossible but there is a lot that can be done to improve things. You would think that something like comparing app names for similar names and raising flags for closer inspection would be perfect for AI but we've seen a few examples over the past months where apps have got through the system while looking very similar to existing, legitimate apps. 

  • Reply 5 of 8
    bonobob Posts: 392 member
    Apple might not have responded to Apple Insider, but they have removed the app from the store. However, typing “leather wallet” in the search field results in “leather wallet and hiro bitcoin” as a suggestion.
  • Reply 6 of 8
    danox Posts: 3,229 member
    Apple just stop accepting Bitcoin and Crypto scam apps, can you download a BitTorrent app or Porn app from the Apple App Store? Simply ban them...... I have a feeling Apple will ban this category of app as an example to allow some government the EU or a competitor (on their store) a chance to support them. :smile:
  • Reply 7 of 8
    baconstang Posts: 1,142 member
    What?!? A bitcoin scam? Say it isn't so!!!
  • Reply 8 of 8
    auxio Posts: 2,751 member
    CheeseFreeze said:
        Most of the security / safety that Apple promotes is psychological. It's branding. It's marketing.

        Set aside their notarisation processes (which is a great concept and really works!), the actual human review process is inefficient, prone to $$$ bias and Apple politics and human errors. Of the 30+ games and apps I deployed on iOS/iPadOS involving major media stakeholders, Apple sometimes just forgot to review our apps (staying in a queue for weeks), didn't communicate for days, rejected publication based on nonsensical reasons and misunderstandings, costing stakeholders thousands and thousands of dollars, especially when the app was tied to an important media announcement.

        I could design a game that passes Apple review, but after 50 days suddenly changes from a game into a pornographic content video player and Apple would *never* know about it as part of their review process. Yes, my account would be banned as soon as the first complaints roll in, but by then the damage is done.

        The truth is that Apple obviously cannot review every SKU on their store, even with a large team.
        The primary reason for Apple to be the gate-keeper is not to protect the interests of its consumers, but themselves.
        Which is what companies do, not just Apple.

        So, I'm looking forward to other parts of the world forcing Apple (and similar competitors) to open up their ecosystem and allow for side-loading and third-party stores. This IS in the best interest of its users.

    Having plenty of experience with the App Store review process, I've never faced any problems. Though maybe it's because the companies I've worked for have a reputation for legitimate products that follow a standard business model (i.e. the customers see value in the products, and thus are willing to pay for them, and so there's no need to resort to data harvesting/advertising for revenue). Honestly, I'd never ever work for a company that simply views the products they create as a trojan horse for some other revenue stream.

    And given the state of the tech industry, I'm quite certain that these alternative app stores will simply be that: trojan horses for data harvesting. For those who argue that nobody will be forced to use them, I can well imagine that there will be some social media/messaging app which is exclusive to one of those app stores (paid for by the company behind that store), and once all your friends are using that app to communicate/share, you won't have a choice but to sign up and download it from that store to keep connected to your social circle.

    As you said, this is what companies do: look out for their own best interest. I'll take the companies which are dependent on the quality of the products they create directly for their customers, not the ones which are dependent on the quality of the customer data they can get for their real customers (advertisers and/or AI companies).