Trusted

New Trezor Seed Phrase Scam May Have Robbed Thousands of Users

3 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • US crypto lawyer Rafael Yakobi warned crypto users about a fake app that steals funds.
  • The app asks users for their keyphrase.
  • Apple's most recent wallet rules cover custodial wallets offered by licensed exchanges.
  • promo

The first search hit for “Trezor” on the Apple Store is a malicious app that will harvest your seed phrase to steal your crypto.

The app in question is called Trezor Wallet Suite and has been on the app store for a few weeks and may have stolen funds from thousands of people. 

Trezor Suite Lite is Real App

The fake Trezor Wallet Suite was first revealed by Rafael Yakobi, a managing partner at The Crypto Lawyers, who warned,

“Using crypto properly and safely requires extreme due diligence. If you know anyone that uses a Trezor, please make them aware. ”

Trezor manufactures hardware crypto wallets offering users the safety of holding crypto offline and being less vulnerable to attacks.

Its actual companion iOS app is called “Trezor Suite Lite” and enables users to exchange crypto assets, track their portfolio, and trade assets.

Wallet vendors ask users to store seed phrases offline if they forget their wallet app login details. The seed phrase is a last line of defense and users should only use it to recover funds from the wallet app that generated it.

Trezor offers users the Shamir backup to help them generate multiple seed phrases they can store at different physical locations.

Learn about the differences between two of the most popular crypto wallets here.

After downloading the app, users can select how many phrases will unlock funds. For example, they can generate three seed phrases but only require two to unlock access to their funds. 

Users who compromised their seed phrases using the Trojan Horse app on the Apple App Store likely created a single seed phrase. Generating multiple seed phrases requires users to create new wallets.

Multiple seed phrases could have ensured that even if the bogus app harvested one phrase, it could not access user funds.

Fake app is second on UK App Store with the authentic Trezor Suite Lite above it
Fake app is second on UK App Store with the authentic Trezor Suite Lite above it | Source: Apple UK

At press time, the fake app was the second search hit on the UK app store.

Extra Caution Should Prevail Amid Store Loopholes

The fact that Apple’s guidelines did not prevent the fake app’s listing is troubling.

Developers publishing to Apple’s store need an Apple account. App functionality must conform with features listed on the product page. Apple also has strict guidelines on collecting and handling user data required.

Applications must contain self-developed content. If not, the developer must have secured the necessary licenses to use the content.

Murky regulation surrounding crypto, especially in the US, has caused Apple to impose additional rules for Web3 firms.

Exchanges can offer custodial wallet apps in regions with an appropriate license, while self-custodial apps are subject to more general rules.

They cannot use cryptocurrencies or NFTs to unlock new features. Developers may not seed the app with links that redirect users to third-party websites to buy items.

All purchases must occur in-app. The app must also offer features beyond a simple website.

But none of these listing requirements replace good, old-fashioned due diligence.

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.

Top crypto platforms | November 2024
ChainGPT ChainGPT Explore
BYDFi BYDFi No KYC
Margex Margex Explore
Сoinex Сoinex Explore
Top crypto platforms | November 2024
ChainGPT ChainGPT Explore
BYDFi BYDFi No KYC
Margex Margex Explore
Сoinex Сoinex Explore
Top crypto platforms | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored