A fraudulent version of MyEtherWallet, the most widely-used Ethereum wallet, reached the third position among finance apps in Apple's App Store. Christian Lundkvist, a ConsenSys developer and founder
A fraudulent version of MyEtherWallet, the most widely-used Ethereum wallet, reached the third position among finance apps in Apple's App Store. Christian Lundkvist, a ConsenSys developer and founder of the Ethereum-based uPort identity platform, flagged the imposter on December 10th.
Users accessing the fake wallet face losing all their funds. Scammers running these applications harvest private keys and drain accounts. The MyEtherWallet team confirmed they had no involvement with the listing and filed takedown requests with Apple, writing: "This is NOT US. We have file reports and emailed and reported. Would appreciate the communities assistance in getting these scamtards out of our lives."
The company stressed that its platform remains free and open-source software. Both users and MyEtherWallet's developers have submitted complaints to Apple about the urgency of removing the fraudulent app.
Wallet scams take different forms. In November, scammers used a replica of MyEtherWallet called MyEthereumWallet to steal approximately $21,000 in Ether from an account holder. The victim shared details of the attack online, describing how the phishing operation succeeded.
Investors have lost hundreds of thousands of dollars to wallet fraud. Users browsing for apps in the Apple App Store often assume that any app on the platform has been verified. Android users encounter different hazards. When Google users search for Bitcoin or Ethereum wallets, sponsored ads point to phishing sites. In October, a user documented a fake Blockchain wallet domain operating as Bockcheian.com, a misspelling that catches careless typists.
Blockchain itself is a popular Ethereum wallet. Scammers using compromised versions could drain all user funds. Coinbase faces the same risks.
Cryptocurrency users cannot rely on platform checks alone. They must verify they are accessing legitimate versions of these services before entering private keys or sending funds.
