There have been a number of sophisticated and well-organised scammers who have been exploiting the popularity of cryptocurrency by creating fake apps with the intention to steal hundreds of thousands of dollars from wannabe Australian crypto investors.
Recent data published by The Australian Competition and Consumer Commission (ACCC) illustrated that almost 30 reports of the emerging scam between June and November last year, with $374,000 in losses accumulated.
However, the ACCC believes that the actual losses from these types of scams are most likely much higher than what is actually appears to be occurring. This is because the research demonstrated that only about 13 percent of the scam victims reported their experience.
In June 2021, a Canberra based engineer named Paul invested $5,000 in a new cryptocurrency project named Cake Monster.
Paul then starting looking for a cryptocurrency wallet, which is a common phone application that enables him to send and receive the new digital currency on his mobile device.
Because cryptocurrency is digital, it isn't stored physically. Instead, all transactions are recorded and stored on the blockchain a series of codes that acts as a ledger for every transaction.
Paul wanted to find a wallet that would connect well with Cake Monster so he searched on the Google Play store.
One of the wallets available to connect through was an app called] WalletConnect. However, Paul didn't realise was that although WalletConnect is a legitimate company, it does not offer a phone app.
Despite this, there was a WalletConnect app available on the Google Play Store at the time Paul was looking. It carried the actual company's logo and had a rating of 4.5 stars.
"I glanced at it and it checked those boxes in terms of looking legit. It had the WalletConnect logo and everything, so I downloaded it and it must have asked for my seed phrase,” says Paul.
A seed phrase can be described a set of words similar to a unique password that enables access to cryptocurrency securely, through a wallet.
Although he was slightly sceptical at the time, Paul still decided to share his seed phrase. A few days later, he realised something was wrong.
"I was just sitting on my couch and I got a notification on my phone saying that a transaction had gone through. It had basically transferred all of my holdings in this cryptocurrency out without asking for my authorisation or anything. It completely emptied my wallet,” says Paul.
"When that notification popped up and I saw that it was gone, I had that sinking feeling, knowing I'm never going to get this back,” continued Paul.
WalletConnect co-founder Pedro Gomes, who is based in Europe has said that the company started receiving reports of fake apps, websites and emails in 2021.
"This is unfortunately a reality of the cryptocurrency space as a whole and they are not exclusive to WalletConnect, many apps and wallets suffer the same," says Pedro Gomes.
Mr. Gomes said while Google took the fake apps down after receiving reports of issues, scammers created them much faster than the platforms could actively remove them.
"We even used services that automated reporting to Google and other hosting providers. Basically, these services would submit detailed reports of the fake website or fake app to the platform they are hosted on and within a week or two they would be taken down. But scammers create these much faster than the platforms can actively take them down and it becomes a race between the two,” says WalletConnect co-founder Pedro Gomes.
Pedro Gomes recommended consumers never share their secret recovery phrase or seed phrase with anyone, including seemingly reputable companies or support staff.