According to the estimate of the Breadwallet developers, scams from the App Store posed as bitcoin wallets have cost users $20,000. Apple has removed suspicious apps from the store.
Fake apps using the same (or similar) names as real bitcoin wallets, as well as parts of their source code and graphics, included Breadwallet, Bitcoin Wallet, BitGo, CoinPase, GreenAddress, Bitcoin Armory Wallet, GreenBits, Blockchain and BitcoinCore. The applications looked almost identical to real ones, prompting users to send their bitcoins to the scammers. Open-source apps were especially easy to mimic.
The scam was signalled on Reddit first by user Logical007 and then investigated by Breadwallet developers. Contacted by the company, Apple promptly removed suspicious apps. However, according to Aaron Voisine, Breadwallet co-founder, the harm has already been done:
“We talked with one customer who claims to have lost about $10,000, and if we go and look at the coin address where those coins were deposited, last I checked there was $20,000 listed at that address. So, that's our current estimate for how much customers have lost.”
According to some Reddit users, the situation seriously undermines Apple’s security claims:
- I thought they had a decent vetting process (Dignified27)
- You're right! Had is past tense (Dude-Lebowski)