Fake Bitcoin wallet apps are routinely leaking through Apple's App Store vetting process, leaving users' accounts at risk of being compromised and their coins stolen.
That's according to developers of the Breadwallet app, who estimate that fake wallets in the App Store have already lost users of the digital currency up to $20,000.
The suspect apps were first identified by the company in a post on Reddit, warning users that at least eight fake wallets on the App Store were using the same, or very similar, names to existing official mobile wallet apps.
The scam apps appeared to be aping portions of source code, icons, and graphics from legitimate apps to fool users into thinking they were using official wallets.
Breadwallet discovered a fake version of its own app which was added to the App Store on July 29, using the same name and icon as the official version. The company took immediate action and contacted Apple to remove the offending app, after customers inadvertently downloaded the fake and reported stolen funds.
"We talked with one customer who claims to have lost about $10,000, and if we go and look at the coin address where those coins were deposited, last I checked there was $20,000 listed at that address," said Breadwallet co-founder Aaron Voisine, speaking to Motherboard. "So, that's our current estimate for how much customers have lost."
Apple has since removed the offending apps listed by Breadwallet, but their appearance on the App Store has left Bitcoin wallet developers and users questioning the robustness of Apple's vetting process for financial apps.
"I think it would be good for Apple to go through some extra process to make sure they have the identity of the person posting any app in the finance section," Voisine said.
Founder of SSL security certificate company BlackCert, John Casaretto, told SiliconANGLE that the Application Development Signing Certificates, the Apple Developer Program, and the application review process had all been negated by a handful of malicious apps making it onto the Store recently.
"For a long time, it seemed as though Apple's tight controls over its ecosystem were a fairly impenetrable measure against nefarious applications, malware, and junk," said Casaretto. "Clearly that is not the case anymore."
Top Rated Comments
Who else should share the blame? Apple is the sole arbiter of what goes on the app store. Nothing hits the store without Apple's approval. But seriously, who else should take some of the blame?
Respectfully, I strongly disagree with both of you. Strongly. Whether or not there are difficulties associated with Bitcoin, it's Apple's responsibility to ensure that the apps on the app store are legitimate. Period. If Apple's approval process can't properly vet Bitcoin apps, they should stop approving them until they can get a reliable and consistent process in place.
However I don't remember anywhere when these Bitcoin wallet developers gave Apple clarity about how to appropriately approve these apps - distingush what is fake and real - as they could quite easily be misused; especially as it's a more unorthodox payment method.
Not to say Apple shouldn't take a portion of the blame, but to put the blame entirely in their hands is a little disingenuous.
[doublepost=1470744089][/doublepost]And in yet ANOTHER Bitcoin hack - $70 million stolen and the value drops by 20% - who in the right mind bothers with this "currency"