- Fake Trezor Wallet Suite app discovered on Apple App Store, posing a security risk for users.
- Users who enter their seed phrase in the fake app may expose their assets to potential theft.
A concerning development has come to light in the world of cryptocurrency security. A fake Trezor Wallet Suite app has been identified on the Apple App Store, potentially endangering users’ digital assets. Rafael Yakobi, a partner at The Crypto Lawyers, brought attention to this issue, highlighting that the fake app was available on the App Store for several weeks.
The legitimate wallet app provided by Trezor is named “Trezor Suite Lite.” However, the counterfeit app, called “Trezor Wallet Suite,” appeared prominently in search results on the Apple App Store. It is important to note that at the time of writing, the fake app does not appear to be listed on the Japanese Apple App Store.
Rafael Yakobi further warned that users who input their seed phrase (recovery phrase) into the fake app could expose their assets to the risk of theft. The seed phrase is a series of 12 to 24 words that converts the wallet’s private key into a readable format. It is essential for unlocking the wallet. If the seed phrase is lost, access to the wallet is compromised, and the stored cryptocurrencies may be irretrievable.
Trezor is a company that manufactures hardware wallets for cryptocurrencies. Their devices, such as Trezor One and Trezor Model T, allow users to store their cryptocurrencies offline securely. The Trezor Suite Lite mobile app is designed as a companion device that syncs with the desktop app, providing limited functionality such as balance checking. Users can track their asset status and receive cryptocurrencies on the go using Android and iOS devices.
It is crucial to recognize that hardware wallets, often referred to as “cold wallets,” offer a level of physical protection for digital assets by storing the wallet’s private key offline, protecting against hacking attacks via the internet. The need for self-management options surged in the cryptocurrency market following the revelation of the misappropriation of customer assets at FTX, a major cryptocurrency exchange, in November 2022. Consequently, hardware wallet sales, including those of Ledger and Trezor, experienced a rapid increase.
However, it is important to note that effectively utilizing a hardware wallet requires a certain level of knowledge. The complexities and risks associated with self-managing cryptocurrencies, including the potential loss or theft of private keys and seed phrases, are ongoing concerns. Moreover, if a hardware wallet is physically stolen, the protection of assets becomes challenging.
The “RDP downgrade attack” technique, for instance, allows attackers with specialized hardware and knowledge to manipulate the voltage of STM32 microchips, bypassing established security measures and extracting the contents of the flash memory.
In response to these challenges, Trezor is actively developing new security configurations for their hardware wallets and planning to address the issues associated with RDP attacks. Hardware wallets, which store the private keys required to access the wallet, are not wallets themselves but devices that store those private keys. Users install dedicated applications on their computers and connect external devices to manage their wallets.
While disconnected from the computer, the wallet functions as an offline wallet.