Thankfully the App Store doesn't allow side loading, because it completely stops fraud like this. At least that's the number one reason why I keep getting told if we allow side loading this will happen.
Is there more scams of web3 in the App Store or on the open internet? Not defending Apple but kind of a strawman to claim they said it stops 100% of fraud and abuse. That’s like saying seatbelts don’t work because people still get hurt in car crashes.
Apple are pretty bad for this and I don't think it's the first time it's happened. A lot of the problem is if you search for some app in the iOS app store the top result is a paid ad and the established app you want is the second result so people who don't know that click on the top one and lose their funds.
Also they should check the app but wallet security is tricky - you can put subtle vulnerabilities in that are hard to spot.
And don't you think its a strawman to compare only being and to install "" approved "" ($100/year for apple) software to a seatbelt? There is no use case for not wearing a seatbelt. That is not true for being able to install software.
Plenty of people disagree that there is no use case to not wearing a seatbelt. That you find it impossible to imagine makes it an even better analogy actually.
People can disagree with whatever, everyone is allowed to be stupid.
But most reasonable people agree there's no tangible use case to not wearing a seatbelt. There are infinite tangible use cases to using software outside the app store, that reasonable people can all acknowledge.
Eh, kinda a weak argument. Too easy to counter with "but sideloading would let that happen more!" That might even be right, and a difference in amount is important. There will never be a totally secure system, after all.
I think the actual problem is with how the App Store changes the way people think about and relate to software. The fact is, running code on your computer is dangerous. You are trusting it with control over its operations. The responsible thing to do is provide platform-level safeguards (permissions systems, sandboxing) and engender a general understanding that you should only run an app vetted by someone you would hand your phone to.
This is fundamentally incompatible with software as a market, of course, so this path will never be taken.
> Blockchain investigator ZachXBT later traced the stolen 5.92 BTC [0], showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.
Ah, there's nothing else quite like a Seychelles-based cryptocurrency exchange which was booted from the US for facilitating money laundering. This is good for Bitcoin.
> people entered their seed phrases into the app, then discovered their wallets were immediately drained.
Why did they cash out immediately? Wouldn't it be much smarter to send the seed phrase to a server and stay undetected for longer just collecting seed phrases until you sweep them all at once?
But perhaps they just made a transaction directly from the app to a hardcoded address. Not making any additional network requests might decrease the chance of being flagged by automated systems in the Appstore review process. Then again you could just disguise these requests as ordinary block chain connections.
I'm probably over thinking this and it was just a quick and dumb money grab.
a bird in the hand is worth much more than ten in the bush. The 'collect and sweep' strategy is extremely risky because seeds are perishable. You're racing against the app getting nuked and the users rotating keys.
This should not have happened. But I have a hard time finding any sympathy for cryptocurrency folks. The quote from the article:
"I lost my retirement fund in a hack/Scam when I switched my Ledger over to my new computer and by accident downloaded a malicious ledger app from the Apple store. All my BTC gone in an instant."
Leaves me really shaking my head. If someone has the knowledge to even buy bitcoin or cryptocurrency, I imagine they have enough knowledge to know how utterly crime-ridden and risky of a speculation it is. It's like if someone decides to put their retirement fund into buying bulk illegal drugs and then selling them at a massive markup. Pretty risky, potential high upside, but given they assessed and then accepted the risk, hard to feel bad when they get robbed of all their drugs and lose their retirement funds.
They only needed it to exist on the app store for a week before stealing millions with zero recourse.
These wealthy crypto people need to stop being cheap and hire financial advisors. The only reason for not doing so is if it was gained illegally in the first place.
47 comments
Also they should check the app but wallet security is tricky - you can put subtle vulnerabilities in that are hard to spot.
But most reasonable people agree there's no tangible use case to not wearing a seatbelt. There are infinite tangible use cases to using software outside the app store, that reasonable people can all acknowledge.
I think the actual problem is with how the App Store changes the way people think about and relate to software. The fact is, running code on your computer is dangerous. You are trusting it with control over its operations. The responsible thing to do is provide platform-level safeguards (permissions systems, sandboxing) and engender a general understanding that you should only run an app vetted by someone you would hand your phone to.
This is fundamentally incompatible with software as a market, of course, so this path will never be taken.
Choice quote:
> Blockchain investigator ZachXBT later traced the stolen 5.92 BTC [0], showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.
Ah, there's nothing else quite like a Seychelles-based cryptocurrency exchange which was booted from the US for facilitating money laundering. This is good for Bitcoin.
[0]: https://t.me/investigations/313#
> people entered their seed phrases into the app, then discovered their wallets were immediately drained.
Why did they cash out immediately? Wouldn't it be much smarter to send the seed phrase to a server and stay undetected for longer just collecting seed phrases until you sweep them all at once?
Not sure what the game theory optimal way of stealing is!
But perhaps they just made a transaction directly from the app to a hardcoded address. Not making any additional network requests might decrease the chance of being flagged by automated systems in the Appstore review process. Then again you could just disguise these requests as ordinary block chain connections.
I'm probably over thinking this and it was just a quick and dumb money grab.
https://archive.ph/4RVLf
If Walmart sells a dangerous product, even unknowingly, they can be liable. Why are digital stores different?
"I lost my retirement fund in a hack/Scam when I switched my Ledger over to my new computer and by accident downloaded a malicious ledger app from the Apple store. All my BTC gone in an instant."
Leaves me really shaking my head. If someone has the knowledge to even buy bitcoin or cryptocurrency, I imagine they have enough knowledge to know how utterly crime-ridden and risky of a speculation it is. It's like if someone decides to put their retirement fund into buying bulk illegal drugs and then selling them at a massive markup. Pretty risky, potential high upside, but given they assessed and then accepted the risk, hard to feel bad when they get robbed of all their drugs and lose their retirement funds.