Crypto Stolen - Malicious Apps in Apple Store

The apps from the Apple or Android store are always safe and legitimate. Correct?
After all, we are speaking about big corporations with plenty of resources to ensure that all the software in their stores is safe and legitimate.
Well, that's a dangerous misconception, and unfortunately, some crypto users have discovered this the hard way.

Two Real Life Stories

There are two different stories, from February and June 2024 but with the same background:
Many crypto users download an app from the Apple store, and their wallets are drained.

Spreading awareness can prevent this kind of situation, so please read through the stories, learn from them, and share them with your crypto pals.

2nd of February 2024
A crypto user downloaded an app called Raydium from the Apple App Store, thinking it was an official app.
After linking their Trust Wallet to the Raydium app, the funds in his/her wallet were drained.

Additionally, 23 more users disclosed that they made the same mistake, and their wallets also drained.
The first story was posted on February 2, 2024, and the last was posted on May 15, 2024.
This means that malicious apps were available for download for many months.
Also, if you read the stories, you will notice that crypto assets worth many thousands have been stolen.

Read the full store on discussions.apple.com

12th of June 2024
A crypto user installed an app called RaydiumV3 from the App Store, thinking it was official. The app asked for the user's Phantom wallet recovery phrase, which they entered despite initial suspicion, trusting that apps on iOS are typically secure.
Unfortunately, the app was fraudulent, and their Phantom wallet was drained of its funds.

Read the full story on Reddit

No Problem... That Will Not Happen To Me

If you have read the two stories, your initial thought was:
That will not happen to me... I would never install a malicious app and will not disclose my wallet seed phrase to some third-rate scam.
Think twice.

From the same Reddit story, if you read through the comment, you will eventually reach this one:


We are very grateful to this and any other crypto users who share their stories because they raise awareness.
Other people's life lessons will most certainly cause stress and pain to those willing to receive and learn from them.
Please be extra careful and encourage yourself and others to learn from the experience of other crypto users.

How to Verify Apps and Extensions

You must take extra precautions when downloading and installing apps, extensions, and software and be triple-sure (always check!!!) that you are downloading a legitimate application.

Let's verify the legitimacy of a browser EXTENSION app.
The popular Phantom wallet:

These are the steps we are taking, and you may want to take as well next time you need to install an app you are not familiar with:
Check Developer Information:

• Verify the developer’s name and research their other apps. (website visited and researched - https://phantom.app/about: check)

• Look for a professional website and contact information. (The website looks professional, was created in 2021, and has been consistent over the years -verified using the Wayback machine: check)

Read Reviews and Ratings:

• Check user reviews and overall ratings (913 ratings: check)
• Look for patterns of negative feedback or complaints about scams (4.0 overall score: check)

Review App Permissions:

• Evaluate the permissions the app requests. (check)
• Be cautious of apps asking for unnecessary or excessive permissions. (meh... not great, but it is the same for other wallets: check)

Official Sources:

• Download apps directly from official websites or trusted sources. (Chrome web store: check)
• Cross-reference with the official app’s website for links to the app store. (Website visited and verified: check)

Search for News or Alerts:

• Look for news articles or alerts about the app’s legitimacy. (Check)
• Use online forums and communities to get feedback from other users - Or use free online tools like virustotal.com to check the URL https://phantom.app/ for any flags (check)

Examine the App Description:

• Look for spelling errors, vague descriptions, or too-good-to-be-true promises. (check)
• Professional and detailed descriptions are more trustworthy. (check)

Good Safety Practices for Crypto Users

When reading through the two stories and the comments from other users, there are a few safety practices worth mentioning that are valuable for all crypto users navigating this exciting but challenging space:

• Keep valuable crypto assets in a cold wallet (and keep it safe)
• When in doubt, use a burner wallet
• Set up email wallet transaction notifications to quickly identify any transaction you have not initiated.
• Use Web3 security tools, like the Wallet Guard browser extension, to flag malicious websites and transactions.
• Delegate your assets from your primary wallet (e.g., a cold wallet) to your hot wallets for everyday use. You no longer need to expose your valuable NFTs to participate in airdrops; you can keep them safe while using them.

Most importantly, keep learning from other people's experiences and expanding your knowledge of how to protect your digital and crypto assets from hacks, scams, and accidents.


Consider subscribing to our blog to receive notifications every time we publish short but informative stories about how to keep your assets safe.