FBI warns hackers are using fake crypto apps to defraud investors

The FBI has issued a public warning about fraudulent cryptocurrency investment apps after hackers posing as legitimate services stole tens of millions of dollars from U.S. investors.

In an advisory published on Monday, the law enforcement agency said hackers have been posing as legitimate cryptocurrency investment organizations in an effort to convince investors to download fraudulent apps. After downloading the apps — which use the names, logos and other identifying information of legitimate services — victims found themselves unable to withdraw funds supposedly deposited into their accounts. When they attempted to do so, they received messages stating that they needed to pay taxes on their investments first. Even when they paid, the FBI said the funds remained locked.

The FBI says cybercriminals have been using these apps with “increasing success” to defraud investors and estimates that roughly $42.7 million has been stolen from 244 victims in an eight-month window between October 2021 and May 2022.

In one particular case, cybercriminals posed as employees of the company YiBit, a cryptocurrency exchange that went out of business in 2018. Using a fake app, criminals stole about $5.5 million from four different victims. In another, they posted as Supayos or Supay, the name of a currency exchange provider in Australia, to defraud two victims.

In another case, observed between December 2021 and May 2022, unidentified hackers took some $3.7 million from 28 individuals over the course of six months by pretending to be representatives from a legitimate, unnamed financial entity.

The FBI is advising investors to be wary of prompts to install investment apps from unknown individuals, to verify that the company behind such apps is legitimate, and to treat apps with broken or limited functionality with skepticism.

Although the FBI did not name or attribute the hackers to a particular group or nation-state, several U.S. government agencies — including CISA and the FBI — have warned in recent months of North Korean hackers targeting cryptocurrency and blockchain companies with malicious crypto-stealing apps. North Korea has long used cryptocurrency-stealing operations to fund its nuclear weapons program.

While cybercriminals have long relied on cryptocurrency as a means of financial extraction, they are increasingly turning their attention to targeting crypto wallets and Blockchain bridges, tools that enable users to transfer their crypto assets from one blockchain to another. Last month, hackers exploited a vulnerability to steal $100 million from Harmony’s Blockchain Bridge, an attack that has since been linked to the North Korean-backed Lazarus group.