In brief
- A malicious app stole 12 Bitcoin from Eric Savics.
- He downloaded it from the Google Chrome Store, thinking it was the official app.
- Prior to downloading it, Google had received several reports about multiple bogus KeepKey apps listed on the store—and removed some of them.
On June 10, podcast host Eric Savics was stripped of his BitcoinBitcoin life savings after downloading a malicious KeepKey wallet extension from the Google Chrome Store.
But the presence of these scam apps can’t have come as a surprise to Google. A month prior, crypto enthusiast Scott Davis reported a bogus KeepKey wallet that looked identical to the one Savics downloaded.
"I have a Keepkey hardware wallet, and I installed that fake app as well, fortunately when it asked for my passphrase through up a red flag for me," Davis told Decrypt. "I reported that app to Google."
"I wish I had taken a screenshot of the app, but It was definitely the same app that Eric posted," he added.
Podcast host loses 7 years of Bitcoin savings in a single mistake
Entrepreneur and host of the "Protocol Podcast" Eric Savics has lost his entire Bitcoin savings—12 Bitcoin, worth $113,000—in a phishing attack, as a result of downloading a malicious version of the KeepKey Bitcoin wallet. KeepKey is a Bitcoin wallet focused on security. Image: KeepKey. Savics has since reached out to the community for help but these events are usually irreversible. “I had all of my Bitcoin stolen from me in a hardware wallet phishing scam. Has anyone ever successfully retrieved...
He wasn’t the only one. Harry Denley, director of security at blockchain analytics firm MyCrypto, reported eight fake KeepKey wallets to Google from the start of May onwards. He said that Google was responsive in taking these apps down, once notified.
Yet Google’s efforts weren’t enough to stop Savics from losing his funds.
Prior to the phishing snafu, Savics spent seven years using dollar-cost averaging to build up a modest fortune of 12 Bitcoin ($110,000). He had been using the KeepKey hardware wallet to keep his stash safe and decided to download the corresponding Chrome extension on his computer. However, instead of the legitimate app, he downloaded the malicious iteration. When prompted to type in his recovery phrase—which controls access to his funds—the Bitcoin was stolen from his wallet.
In the aftermath, Savics took to Twitter asking for help recovering his funds. Nevertheless, Savics quickly learned that there are rarely second chances in crypto. Despite the community rallying around and donating Bitcoin to try and ease the loss, Savics returned the contributions and swiftly disappeared from social media.
Phishing victim Eric Savics to return donated Bitcoin
Last week, entrepreneur and “Protocol Podcast” host Eric Savics told his Twitter following that he had lost 12 Bitcoin (worth $130,000) in a phishing attack. The crypto community rallied around him and gifted him an entire Bitcoin, worth $9,500. But he now plans to return the donations. 4/ Reflecting over the weekend on the donations I have decided to return all the BTC that was so kindly sent to me.⁰In the last couple of days many people in much worst situations have shared their stories of lo...
Such malicious apps appear to be a continual problem for Google. In April, it was reported that Google had removed 49 malicious crypto wallets. Come May, a further 22 had emerged. Yet, as Savics’s situation shows, the cost of not dealing with these fake apps can number in the hundreds of thousands for those using the store.
