In brief

  • A malicious app stole 12 Bitcoin from Eric Savics.
  • He downloaded it from the Google Chrome Store, thinking it was the official app.
  • Prior to downloading it, Google had received several reports about multiple bogus KeepKey apps listed on the store—and removed some of them.

On June 10, podcast host Eric Savics was stripped of his Bitcoin life savings after downloading a malicious KeepKey wallet extension from the Google Chrome Store. 

But the presence of these scam apps can’t have come as a surprise to Google. A month prior, crypto enthusiast Scott Davis reported a bogus KeepKey wallet that looked identical to the one Savics downloaded. 

KeepKey is a Bitcoin wallet
KeepKey is a Bitcoin wallet focused on security. Image: KeepKey.

"I have a Keepkey hardware wallet, and I installed that fake app as well, fortunately when it asked for my passphrase through up a red flag for me," Davis told Decrypt. "I reported that app to Google."

"I wish I had taken a screenshot of the app, but It was definitely the same app that Eric posted," he added.

He wasn’t the only one. Harry Denley, director of security at blockchain analytics firm MyCrypto, reported eight fake KeepKey wallets to Google from the start of May onwards. He said that Google was responsive in taking these apps down, once notified.

Yet Google’s efforts weren’t enough to stop Savics from losing his funds.

Prior to the phishing snafu, Savics spent seven years using dollar-cost averaging to build up a modest fortune of 12 Bitcoin ($110,000). He had been using the KeepKey hardware wallet to keep his stash safe and decided to download the corresponding Chrome extension on his computer. However, instead of the legitimate app, he downloaded the malicious iteration. When prompted to type in his recovery phrase—which controls access to his funds—the Bitcoin was stolen from his wallet.

In the aftermath, Savics took to Twitter asking for help recovering his funds. Nevertheless, Savics quickly learned that there are rarely second chances in crypto. Despite the community rallying around and donating Bitcoin to try and ease the loss, Savics returned the contributions and swiftly disappeared from social media. 

Such malicious apps appear to be a continual problem for Google. In April, it was reported that Google had removed 49 malicious crypto wallets. Come May, a further 22 had emerged. Yet, as Savics’s situation shows, the cost of not dealing with these fake apps can number in the hundreds of thousands for those using the store.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.