Close

FBI: $42.7M stolen via fake crypto apps

The Federal Bureau of Investigation is warning people to make sure their cryptocurrency trading app is legitimate, because over the past year it is believed 277 people have lost $42.7 million to fake ones designed by scammers.

Sometimes these apps appear to come from legitimate financial institutions, such was the case when cyber criminals between December 2021 and May 2022 convinced victims to download an app that used the name and logo of an actual U.S. financial institution and used the app to deposit cryptocurrency into wallets associated with the victims’ accounts. When victims attempted to withdraw funds from the app, they got an email stating they had to pay taxes on their investments before making withdrawals. After paying the supposed tax, the victims remained unable to withdraw funds.

Other times they come from what seems to be something more like a fintech company, like the YiBit scam that took place in the same time period. Scammers convinced victims to install the YiBit app and deposit cryptocurrency into their accounts. As with the scheme described above, when people tried to withdraw money they were told they needed to pay taxes on their investments, but were still unable to get money out afterwards.

Others relied on more direct social engineering. For example, in November 2021, scammers operating from a company called Superpayos defrauded victims by telling them to download the app and make multiple cryptocurrency deposits into the wallets. Later, the scammers told them that they were in a program that required a minimum balance of $900,000; when the victim tried to cancel their subscription, they were told to either deposit the funds or have all their assets frozen.

The FBI recommended financial institutions warn customers about this activity, inform them of the scope of their cryptocurrency service offerings, tell them where they can get the real online app, and periodically do searches for their name and logo to catch imitators. Investors, meanwhile, should be wary of being solicited to download an app, especially when the identity of the sender is not verified. Before downloading such an app, investors should also check that the app is legitimate, and overall to treat apps with limited or broken functionality with suspicion.