Fake Uniswap App on Google Play Store Stole $20K from Investor
A fake Uniswap application on the Android Google Play Store managed to steal $20,000 from a user. After installing and using the app, the creator accessed his wallet and stole all of the user’s funds. Despite being reported by the community, Google did not yet remove it from the Play Store.
Crypto news platform Nuggets News CEO Alex Saunders reported the latest incident of a fraud on November 20. Saunders tweeted about a member of his platform losing $20,000 from an application called Uniswap DEX. The fake Uniswap app hosts more than a hundred fake positive reviews which gave the victim a false sense of security.
After installing the app, the victim soon lost all his funds after being asked to input his private key backup phrase. To warn others and prevent more DeFi traders from repeating the same mistake, Saunders shared the event on Twitter. Moreover, he asked Crypto Twitter not only to retweet his post but to report the App as well.
Hackers often have difficulty publishing malicious applications on the Google Play Store. In fact, the app store has a rigorous process for testing new apps to discover if they have any malicious intent. However, the thief successfully mitigated the process by stealing assets in a different way.
Instead of stealing the wallet data required to access cryptocurrency funds, the developer simply asked for a private key for back-up purposes. However, the real reason for this inquiry was to gain access to the wallet and transfer the funds to another wallet. The victim most likely made the mistake believing that it was the official Uniswap app.
Who is to blame for the fake Uniswap app?
In this case, both the user and Google share the fault. For one, the user should have taken several precautionary measures to check the app. When searching for Uniswap in the Play Store, we find two applications, both of which are fake. At the time of writing, the team has developed no official application for its decentralized exchange. There is no real Uniswap app on either the Playstore or the iOS app store.
Google is to blame as well, as they did not carefully review the app. If it indeed does work as intended, the application only acts as a transaction router. Moreover, Google had to check if the creator was even affiliated with the Uniswap team. The author of the fake app falsely represented himself as the ‘Uniswap Inc’ company.
This is certainly not the first case of malicious cryptocurrency apps. The Google Play Store is sufficiently dexterous for countering applications that contain viruses. However, it has no mechanism set in place to protect against fake crypto programs. In this case, the developer does not even have to insert a virus. All he has to do is ask for crucial security information that would provide him with access to the wallet.
As cryptocurrencies and DeFi become more popular, we expect a wave of fake apps. Because of that, we urge all readers to carefully consider what data they share with other platforms and users. If you give the wrong entity your private keys, you are bound to lose all your investments. Therefore, actively check what you download and where you log in.
Marko is a content writer passionate about cryptocurrencies, blockchain technology, geopolitics, and information security. After an internship at Cointelegraph in 2018, he decided to pursue writing about the field of decentralized technology full-time.
Defiye is the number one resource for DeFi news, blockchain news and crypto news. Our team of industry leading journalists publishes fresh and breaking DeFi news daily so readers can be sure to stay on top of the crypto market and the defi market, while making the most of their cryptocurrency trading, defi trading and blockchain activities.