Downloaded a Trezor app for your Apple iPhone lately? Better double check it.
A malicious Trezor app has appeared on the Apple App Store, potentially putting users at risk danger of losing their crypto. Under the fake name "Trezor Wallet Suite," the app was pointed out on Twitter yesterday as a false version of the hardware wallet provider’s software.
Rafael Yakobi, a partner at The Crypto Lawyers, cautioned users yesterday on Twitter, claiming that the app will “request your seed phrase, allowing its operators to steal all of your crypto.” According to the crypto lawyer, the app has been available for weeks, which means there could eventually be hundreds of thousands of victims.
— truth.sats (@TwebbaC) June 20, 2023
A seed phrase is a list of words which store all the information needed to recover the cryptocurrency in your hardware wallet if it’s lost or stolen.
The true, open source wallet created by Trezor should appear in mobile app stores as Trezor Suite Lite, according to the company’s official website. Oddly, however, the fraudulent app managed to elude Apple’s extensive review guidelines.
Trezor did not immediately reply to a request for comment from Decrypt.
News of this malicious app comes only a week after Apple warned decentralized social network app Damus–which allows users to access Nostr–it had 14 days to bring its tipping feature into compliance or it will face removal from the app store.
This malicious activity also surfaces only a few months after Ledger, one of Trezor’s main competitors, caught the wrath of the crypto community when it launched a controversial private key recovery service known as Ledger Recover.
Hardware wallets, such as Trezor, are an intricate part of the self-custody process. Although considered by experts as the most secure way of holding your private keys, they do require a reasonable level of technical knowledge, and can be a daunting activity.