Fake Bitcoin wallet apps are routinely leaking through Apple's App Store vetting process, leaving users' accounts at risk of being compromised and their coins stolen.
That's according to developers of the Breadwallet app, who estimate that fake wallets in the App Store have already lost users of the digital currency up to $20,000.
The suspect apps were first identified by the company in a post on Reddit, warning users that at least eight fake wallets on the App Store were using the same, or very similar, names to existing official mobile wallet apps.
The scam apps appeared to be aping portions of source code, icons, and graphics from legitimate apps to fool users into thinking they were using official wallets.
Breadwallet discovered a fake version of its own app which was added to the App Store on July 29, using the same name and icon as the official version. The company took immediate action and contacted Apple to remove the offending app, after customers inadvertently downloaded the fake and reported stolen funds.
"We talked with one customer who claims to have lost about $10,000, and if we go and look at the coin address where those coins were deposited, last I checked there was $20,000 listed at that address," said Breadwallet co-founder Aaron Voisine, speaking to Motherboard. "So, that's our current estimate for how much customers have lost."
Apple has since removed the offending apps listed by Breadwallet, but their appearance on the App Store has left Bitcoin wallet developers and users questioning the robustness of Apple's vetting process for financial apps.
"I think it would be good for Apple to go through some extra process to make sure they have the identity of the person posting any app in the finance section," Voisine said.
Founder of SSL security certificate company BlackCert, John Casaretto, told SiliconANGLE that the Application Development Signing Certificates, the Apple Developer Program, and the application review process had all been negated by a handful of malicious apps making it onto the Store recently.
"For a long time, it seemed as though Apple's tight controls over its ecosystem were a fairly impenetrable measure against nefarious applications, malware, and junk," said Casaretto. "Clearly that is not the case anymore."