Fake “Trezor Wallet Suite” Harvests Seed Phrase to Steal Funds

New Trezor Seed Phrase Scam May Have Robbed Thousands of Users

The first search hit for “Trezor” on the Apple Store is a malicious app that will harvest your seed phrase to steal your crypto.

The app in question is called Trezor Wallet Suite and has been on the app store for a few weeks and may have stolen funds from thousands of people. 

Trezor Suite Lite is Real App

The fake Trezor Wallet Suite was first revealed by Rafael Yakobi, a managing partner at The Crypto Lawyers, who warned,

“Using crypto properly and safely requires extreme due diligence. If you know anyone that uses a Trezor, please make them aware. ”

Trezor manufactures hardware crypto wallets offering users the safety of holding crypto offline and being less vulnerable to attacks.

Its actual companion iOS app is called “Trezor Suite Lite” and enables users to exchange crypto assets, track their portfolio, and trade assets.

Wallet vendors ask users to store seed phrases offline if they forget their wallet app login details. The seed phrase is a last line of defense and users should only use it to recover funds from the wallet app that generated it.

Trezor offers users the Shamir backup to help them generate multiple seed phrases they can store at different physical locations.

Learn about the differences between two of the most popular crypto wallets here.

After downloading the app, users can select how many phrases will unlock funds. For example, they can generate three seed phrases but only require two to unlock access to their funds. 

Users who compromised their seed phrases using the Trojan Horse app on the Apple App Store likely created a single seed phrase. Generating multiple seed phrases requires users to create new wallets.

Multiple seed phrases could have ensured that even if the bogus app harvested one phrase, it could not access user funds.

Fake app is second on UK App Store with the authentic Trezor Suite Lite above it | Source: Apple UK

At press time, the fake app was the second search hit on the UK app store.

The fact that Apple’s guidelines did not prevent the fake app’s listing is troubling.

Developers publishing to Apple’s store need an Apple account. App functionality must conform with features listed on the product page. Apple also has strict guidelines on collecting and handling user data required.

Applications must contain self-developed content. If not, the developer must have secured the necessary licenses to use the content.

Murky regulation surrounding crypto, especially in the US, has caused Apple to impose additional rules for Web3 firms.

Exchanges can offer custodial wallet apps in regions with an appropriate license, while self-custodial apps are subject to more general rules.

They cannot use cryptocurrencies or NFTs to unlock new features. Developers may not seed the app with links that redirect users to third-party websites to buy items.

All purchases must occur in-app. The app must also offer features beyond a simple website.

But none of these listing requirements replace good, old-fashioned due diligence.

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.


In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.

Source link

Be the first to comment

Leave a Reply

Your email address will not be published.