A crypto-draining app that mimics bitcoin wallet Leather was available to download via Apple’s app store for at least four years, despite being the subject of repeated warnings and reportedly stealing $120,000 in Stacks (STX).
Last Monday, Leather warned its followers on X (formerly Twitter) to avoid downloading the fake app and entering any seed phrases. It clarified that it hadn’t yet issued an iOS app, saying “We promise we’ll let you know once our mobile app is actually ready.”
On Monday, Portal Finance founder George Burke claimed to show a transaction demonstrating that on the fake app stole just under 38,000 STX, worth roughly $120,000. He also told the co-creator of Stacks to warn his community about the scam.
Just lost my ordinals.
— VonDoom.eth ☕️ (@CryptoVonDoom) March 10, 2024
Might have downloaded a bad version of Leather Wallet from the App Store.
Unbelievable.
All my decent stuff went here.https://t.co/8zG9061Tiw
Read more: China has problems with fake wallets copying its digital yuan
X user CryptoVonDoom also suffered losses, claiming that at least 27 NFTs, ordinals, ‘rare’ sats, and bitcoin were stolen after falling for the app. They said, “At a first and second glance it seems fine but I wonder if I actually processed the developer name I would have slightly paused.” The app was published by ‘LetalComRu.’
“The stolen branding from @LeatherBTC is just so clean I likely wouldn’t have thought about it,” CryptoVonDoom added. The fake Leather app used positive reviews likely created using AI, the Leather logo, and descriptions of a typical crypto wallet to create an illusion of authenticity.
Read more: Nearly $580K drained with Cointelegraph, Wallet Connect fake airdrop
Users are tricked into inputting their recovery seed phrase into the app. Hackers can then use this phrase to transfer all your assets to their own crypto wallets.
Indeed, the fake app was available via Apple’s app store as recently as Monday morning, despite warnings from Leather over a week ago. CryptoVonDoom noted that the app had been listed for at least four years. At the time of writing the app appears to have been taken down.