Markets

Fake “Trezor Wallet Suite” harvests the seed phrase to steal funds

The first search for “Trezor” in the Apple Store is a malicious app that will harvest your seed phrase to steal your encryption.

The app in question is called Trezor Wallet Suite and it has been on the App Store for a few weeks and may have stolen money from thousands of people.

Trezor Suite Lite is a real app

The fake Trezor Wallet Suite was first exposed by Rafael Yakobi, Managing Partner at The Crypto Lawyers, who warned,

“Using encryption properly and securely requires the utmost due diligence. If you know anyone using Trezor, please let them know.”

Trezor manufactures hardware crypto wallets that offer users the security of holding cryptocurrencies offline and are less vulnerable to attacks.

Its actual companion iOS app is called “Trezor Suite Lite” and enables users to exchange crypto assets, track their portfolio, and trade assets.

Wallet vendors require users to store raw phrases offline if they have forgotten their wallet app login details. The seed phrase is a last line of defense and users should only use it to retrieve funds from the wallet app that created it.

Trezor provides users with a backup Shamir to help them create multiple raw statements that they can store in different physical locations.

Learn the differences between two of the most popular crypto wallets here.

After downloading the app, users can select the number of phrases that will unlock the money. For example, they can create three initial sentences but they only need two sentences to unlock access to their funds.

users who compromise Their initial phrases using the Trojan Horse app on the Apple App Store likely created a single initial phrase. Creating multiple seed phrases requires users to create new wallets.

Multiple seed phrases would have ensured that even if the bogus app harvested a single phrase, it wouldn’t be able to access users’ funds.

The fake app is second in the UK App Store with the original Tresor Suite Lite above it | Source: Apple United kingdom

At the time of publication, the fake app was the second most searched search on the UK’s App Store.

The fact that Apple’s guidelines didn’t prevent the fake app from being listed is concerning.

Developers who post to the Apple Store need an Apple Account. The functionality of the app must match the features listed on the product page. Apple also has strict guidelines on the collection and processing of requested user data.

Applications must contain self-developed content. If not, the developer must have obtained the necessary licenses to use the content.

The opaque regulation surrounding cryptocurrency, especially in the US, has caused Apple to impose additional rules on Web3 companies.

Exchanges can offer hedge wallet applications in jurisdictions with the appropriate license, while self-custodial applications are subject to more general rules.

They cannot use cryptocurrencies or NFTs to unlock new features. Developers may not implant the Application with links that redirect users to third party websites to purchase items.

All purchases must be made in-app. The app should also offer features beyond a simple website.

But none of these listing requirements replace good old-fashioned due diligence.

For the latest Bitcoin (BTC) analysis from BeInCrypto, click here.

Disclaimer

Adhering to the Trust Project’s guidelines, BeInCrypto is committed to providing unbiased and transparent reporting. This news article aims to provide accurate and timely information. However, readers are advised to independently check the facts and consult with a professional before making any decisions based on this content.

Leave a Reply

Your email address will not be published. Required fields are marked *