Is Trezor a scam

App store scammers steal $ 600,000 from iPhone users

Michael Simon

Use caution when downloading cryptocurrency apps from the App Store. The case of an iPhone owner from the USA shows what can happen if you are not careful.

EnlargeBe careful with apps that you install on your smartphone.
© Olszewski

When iPhone user Phillipe Christodoulou downloaded the Trezor app from the App Store in February, he believed he could use it to check his Bitcoin balance. To do this, he thought, all he had to do was connect his Trezor device to the Lightning port on his iPhone. Instead, the Washington Post reports, he lost all of his savings in one fell swoop - 17.1 bitcoin worth $ 600,000.

Trezor is not an unknown bitcoin company. It was one of the first companies to offer a personal hardware wallet and was recommended by Twitter inventor Jack Dorsey. But Trezor doesn't make an iPhone app and its U2F hardware token doesn't work with the iPhone. The Trezor website says, "Using your Trezor device on iOS is not (yet) supported", but if you don't dive into the specifications, you might be overlooking this.

The device used by Christodoulou stores a personal recovery code consisting of 12-24 words and has a small screen "to fully inform you of the authentication request before you approve it". The app he used apparently took this information to siphon bitcoin from his account.

Aggrieved accused Apple

But Christodoulou doesn't blame Trezor for the theft. He accuses Apple of allowing the app in the first place. Apple told the Washington Post, "In the limited cases in which criminals defraud our users, we take quick action against those actors to prevent similar violations in the future," and an App Store search for a Trezor app brings up no specific results emerged. Apple did not want to comment to the Washington Post whether it had contacted the authorities about the app.

According to the Post, Apple approved the app as "a 'cryptography' app that encrypts iPhone files and stores passwords," and the developer specifically told Apple that it was "not involved in any cryptocurrency." However, the app quickly turned into a cryptocurrency wallet, which Apple does not allow, but also does not track until a user points it out. As soon as they informed about this specific fraud, Apple removed the app and a follow-up app that appeared in the store days later.

Apple told Christodoulou that it is investigating the issue, but it is unlikely that he will be the last iPhone user to be affected by such a scam. In the same report, iPhone user James Fajcz claims that he was also defrauded of $ 14,000 by a fake Trezor app.