Skip to content Skip to footer

A fake Trezor app has been on the App Store for weeks harvesting seed phrases

The malicious app has now been removed, but there could be thousands of victims.

Cold wallet Trezor is one of the safest ways to store your crypto. Scammers have seemingly capitalised on this trust, creating malicious fake Trezor apps and launching them on Apple’s App Store. 

On June 19, Rafael Yakobi, a managing partner at The Crypto Lawyers, tweeted that a malicious app called ‘Trezor Wallet Suite’ was the top result when searching for ‘Trezor’ on the app store. The real, secure wallet is actually called Trezor Suite Lite.

Yakobi stated that the app requests a users’ seed phrase, allowing its operators to “steal all of your crypto”.

“This app has been up for weeks,” Yakobi noted, adding that the total number of victims “could easily be in the hundreds or thousands”. 

Apple has now removed the app, but a quick search on the UAE App Store reveals another potentially malicious Trezor app called ‘MyTREZOR Suite: One Edition”. 

The app is apparently four years old, but it doesn’t have enough reviews to generate a summary rating.

It’s unclear how the app managed to pass Apple’s strict review process. 

Trezor is one of the most popular hardware wallets. It functions by generating a unique private key offline during the setup process, ensuring that it is never exposed to potential online threats.

In late May, the wallet saw a staggering 900% increase in sales after Ledger, a similar hardware wallet, unveiled Ledger Recover – a feature that gives users the option to recover their seed phrases if the phrase is lost or forgotten. 

Read more: Ledger seed phrase recovery service is on hold until source code is open

Time will tell how many people have been impacted by the malicious Trezor app, but it’s not the only bad actor in the space over the past few weeks. 

On June 5, crypto wallet Atomic Wallet suffered a major hack, resulting in $100 million in losses. More than 5,500 wallets were compromised by what is believed to be the notorious North Korean hacker group, Lazarus. 

When it comes to downloading crypto software, the safest option is to download directly from the manufacturer’s website. For more tips relating to wallet safety, read here

Disclaimer: CryptoPlug does not recommend that any cryptocurrency should be bought, sold, or held by you. Do conduct your own due diligence and consult your financial advisor before making any investment decisions.

Leave a comment

Go to Top