It’s not the first time, and it probably won’t be the last, but the FBI has issued a warning about cryptocurrency scams. On this occasion, it has highlighted fake crypto apps, which look like legit investment applications but function solely to steal personal cryptocurrency holdings. According to the agency, criminals used such apps to steal $42.7 million in crypto from 244 victims between October 2021 and May 2022, and they’ll likely steal more in the coming months and years.
Combined with other cryptocurrency scams, as well as fake crypto apps buried in the Apple App Store and Google Play Store, these apps present the crypto-investing public with considerable dangers. However, this article will explain how to spot fake crypto apps, as well as how to protect yourself from them. That way, you can concentrate on investing.
FBI Warns About Fake Crypto Investment Apps
The FBI’s notification from late July makes for some instructive reading since it outlines several things to look out for when presented with an app or platform that may or may not be fraudulent.
First of all, the agency underlines the fact that, in many cases, scammers will produce apps that use “the names, logos, and other identifying information of legitimate USBUSs [US businesses], including creating fake websites.”
This means that investors may be invited to download the ‘official’ app of a known crypto-exchange or financial institution, yet there are likely to be several important differences between the real app and a fake one. Here’s what you should do to tell the difference:
1. Try going to a platform or exchange’s official website and finding the app there. Generally, potential victims of fake crypto app scams are approached via social media or some kind of online forum (e.g. Twitter, Telegram, Reddit). If you have ever sent a link to a download for a crypto app from a company you have heard of, ignore it and go to the official website of whatever platform the person claims to be from. If you can’t find one, then you probably have a scam on your hands.
2. If you have never heard of the company, exchange, or platform someone claims to be from, then try searching for them using Google, DuckDuckGo, or an,y other reputable search engines. If you can’t do anything substantial for them (e.g. mentions in news articles from reputable outlets), then the crypto app they’re trying to get you to download is probably a scam.
3. More simply, being approached directly online should already be warning enough that you’re dealing with a scam. Coinbase, Kraken, or any o, the major exchanges will not try to contact you via Twitter (or anywhere else) to encourage you to download your app, and the same goes for decent smaller exchanges and brokerages. Treat anyone contacting you directly with a crypto app or download link with extreme skepticism.
4. Other things to look out for include how the crypto app in question is presented. If it looks amateurish, features incorrect spelling and/or grammar, or has limited or buggy functionality, it shouldn’t be trusted with your crypto, fiat currency, or financial details.
Check, and Double-Check
These guidelines are reinforced by the FBI’s report. In particular, its warning covers three separate scams, each of which used fake crypto apps in slightly different ways.
The first scam ran between 22 December 2021 and 7 May 2022 and defrauded at least 28 victims of roughly $3.7 million. In this case, fraudsters encouraged victims to download an app that bore the logo and name of an actual US financial institution, while also convincing them to deposit crypto into the app. 13 of the people who deposited crypto into the app tried to withdraw their funds, but were told they had to pay tax on their investments before being able to withdraw. They paid this ‘tax,’ but still couldn’t withdraw their crypto.
The second scam, running from 4 October 2021 to 13 May 2022, was similar to the first, managing to steal $5.5 million from at least four victims. In this case, the criminals presented themselves under the name of YiBit, which they had taken from a legitimate crypto exchange that closed in 2018.
With the third scam, criminals operated under the name of Supayos (and Supay), which the FBI reports is the name of an exchange provider operating in Australia. Using this name, they created a fake crypto app that managed to defraud two victims between 1 November and 26 November 2021, with one victim being told that he’d signed up for an account with a mandatory minimum balance of $900,000.
In each of these three cases, criminals used the name of a pre-existing company and/or platform. As such, it pays to search online and on official channels for confirmation of what they’re claiming. If they claim to be from Company X, check online for independent information about Company X. If Company X is a legitimate business, download any official app it may have from official channels (e.g. the Apple App Store, Google Play Store, or the company’s actual website). If you can’t find independent info which confirms Company X is legitimate, move on.
As the FBI concludes:
“Verify an app is legitimate before downloading it by confirming the company offering the app exists, identifying whether the company or app has a website, and ensuring any financial disclosures or documents are tailored to the app’s purpose and the proposed financial activity.”
While the FBI doesn’t refer to fake crypto apps in the Apple App Store or Google Play Store in its latest warning, similar principles apply. Namely, if you’re searching for the app of a crypto-exchange or crypto-related service in one of these stores, check that any you find is the app you’re looking for. Because there have been cases (e.g. Trezor) of criminals creating fake apps for real businesses.
1. Check for reviews: real, official crypto apps should have lots of user reviews on either the Apple App Store or Google Play Store. Fake crypto apps will have few reviews, and most of these will likely be bad
2. Again, find the official website of the exchange, platform, or service you’re after and reach its app on the iOS or Android app stores by clicking on the correct link on this website.
These are all simple steps. However, by following them at all times, you can save yourself from becoming the next victim of crypto’s legions of cybercriminals.