Counterfeit Crypto Assets applications threaten user asset security; app store review vulnerabilities urgently need to be resolved.


Crypto Assets Applications Proliferation: Risks in App Stores and User Security Concerns

With the rapid development of the Crypto Assets market, a large number of related applications have flooded into mobile app stores, providing users with a wealth of trading, investment, and asset management tools. However, this craze has also created opportunities for criminals, as some cleverly disguised scam applications have mingled among them, posing a serious threat to users' asset security.

This article takes the iOS platform's app store as an example to explore the current situation of counterfeit Crypto Assets applications, analyze the reasons they are so widespread, and show through actual cases the dangers these high-fidelity imitations pose, with the aim of raising users' awareness.

Web3 Security Alert丨Counterfeit Crypto Assets Software is Rampant, Exposing the Hidden Traps of the App Store

The Current State of Counterfeit Crypto Assets Applications

Taking the well-known Magic Eden and Jupiter as examples, these two influential platforms in the Crypto Assets field have become prime targets for scammers to imitate.

Magic Eden, a widely popular multi-chain NFT marketplace, provides users with a platform to buy, sell, and explore digital artworks. However, on March 7, members of the Magic Eden team discovered scam applications impersonating their brand in app stores. These applications trick users into downloading and using them by mimicking the official website and interface design, then ask for sensitive information such as wallet private keys to carry out the scam. Because Magic Eden has not launched an official mobile application, users find it difficult to tell that these malicious applications are not genuine.

Similarly, Jupiter, a decentralized exchange built on Solana, has also been affected by counterfeit applications. The user comments section is filled with scam warnings, with victims reporting that after downloading and using the application, they lost $1250 due to authorization actions. Even more seriously, such applications can also steal users' mnemonic phrases, leading to larger-scale thefts.


Fraud Address Analysis

Based on a scam address publicly disclosed by a victim, we conducted an in-depth analysis. This address stole the mnemonic phrases of 298 suspected victims and laundered funds between January 11, 2024, and March 30, involving a total fund flow of 353.6 ETH and 330,500 USDT.

Hackers converted various stolen coins into USDT through a certain DEX and then stored them in multiple addresses. Some of the profit funds have been transferred directly to a trading platform or through a cross-chain bridge. It is worth noting that this address has been marked as a phishing address and ceased activity on March 30.

This case clearly demonstrates that the threat of counterfeit Crypto Assets applications is real and urgent. It not only directly harms users' economic interests but also severely damages the reputation of the brands being imitated.

Reasons for the Rampant Counterfeit Applications

  1. Loopholes in the Review Process: Although app stores have strict review mechanisms, there is still a possibility of circumvention. Some developers may exploit vulnerabilities in the review process, allowing counterfeit or fraudulent apps to temporarily pass the review. Even if an app is found to be used for malicious purposes after being listed, it takes time from discovery to removal, giving criminals sufficient operational space.

  2. Abuse of Technical Means: Malicious developers may use advanced technical methods to evade security detection. For example, using techniques such as code obfuscation and dynamic content loading to conceal the true intent of the application, making it difficult for automated security detection tools to identify its fraudulent nature.

  3. Leveraging User Trust: Fraudulent application developers mislead users into downloading and using their apps by imitating the appearance and names of well-known applications, taking advantage of users' trust in the brand. Since users generally believe that the apps in the app store have undergone strict reviews, they may overlook the necessity for further verification.

Prevention Suggestions

To address this issue, app stores need to continuously improve their review processes; official project teams should promptly identify and report counterfeit applications; and Crypto Assets users should take the following preventive measures:

  • Carefully verify the developer information.
  • Check the app ratings and user feedback in detail before downloading.
  • Report suspicious applications in a timely manner.
  • Download applications only from official channels.
  • Be cautious of applications that request your private key or mnemonic phrase.
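
The developer-verification and reporting steps above can be automated by a project team as listing triage. The following is an added example, not part of the original article: the listing fields (`name`, `seller`), the seller names and the sample listings are constructed, and the empty seller set for Magic Eden reflects the article's statement that it has no official mobile app.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed brand registry: official seller names per protected brand.
# An empty set means the project publishes no mobile app, so any match is suspect.
OFFICIAL_SELLERS = {
    "magic eden": set(),                      # per the article: no official app
    "jupiter": {"Example Official Seller"},   # placeholder, not a real seller name
}

def normalize(name):
    """Fold case, accents and punctuation so 'Mágic-Eden' compares as 'magic eden'."""
    folded = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    kept = "".join(c if c.isalnum() else " " for c in folded.lower())
    return " ".join(kept.split())

def brand_match(listing_name, brand, threshold=0.85):
    """True if some run of tokens in the listing name is a near match for the brand."""
    tokens = normalize(listing_name).split()
    width = len(brand.split())
    for i in range(len(tokens) - width + 1):
        window = " ".join(tokens[i:i + width])
        if SequenceMatcher(None, window, brand).ratio() >= threshold:
            return True
    return False

def triage(listing):
    """Return (verdict, brand) for one store listing record."""
    for brand, sellers in OFFICIAL_SELLERS.items():
        if not brand_match(listing["name"], brand):
            continue
        if not sellers:
            return ("report: brand has no official app", brand)
        if listing["seller"] not in sellers:
            return ("report: seller not on official list", brand)
        return ("ok: official seller", brand)
    return ("ignore: no protected brand in name", None)

# Constructed sample listings (not real store data).
LISTINGS = [
    {"name": "Magic Eden - NFT Wallet", "seller": "Constructed Dev A"},
    {"name": "Jupitér Swap: DEX", "seller": "Constructed Dev B"},
    {"name": "Jupiter Exchange", "seller": "Example Official Seller"},
    {"name": "Weather Radar", "seller": "Constructed Dev C"},
]

if __name__ == "__main__":
    for item in LISTINGS:
        print(item["name"], "->", triage(item))
```

A single-word brand such as "jupiter" will also match unrelated apps that use the word, so the seller comparison, not the name match, is what decides the verdict.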

Through the joint efforts of multiple parties, we can build a safer Crypto Assets application ecosystem to protect users' asset security.

ClassicDumpstervip
· 15h ago
These suckers really can't be played for suckers.
PhantomMinervip
· 15h ago
Another batch of suckers played for suckers and then ran away.
BearMarketGardenervip
· 15h ago
Why is the Apple review process so lax? It allows altcoins to run rampant.