Anatomy of the scam

Scammers publish wallet apps to the iOS App Store, Google Play, and Android sideload sites that look identical to real wallets — MetaMask, Trust Wallet, Phantom, Coinbase Wallet, Ledger Live. Some pass app-store review with branding tweaks just subtle enough to evade automated detection. Others target users who sideload from "official-looking" download pages.

When you import your existing seed phrase to "restore" your wallet, the app exfiltrates the phrase to the attacker. Funds are drained, sometimes seconds later, sometimes after a delay that makes the theft harder to link to the app install.

Both Apple and Google have repeatedly removed malicious wallets after the fact, but new ones appear weekly.

Red flags

  • The app icon is slightly off (different shade, off-center logo, extra symbol).
  • The developer name doesn't match the real wallet's company.
  • The app has few reviews, or many short 5-star reviews dated within a week.
  • The app requests permissions a wallet doesn't need (full contact access, SMS reading).
  • You found the app through a search ad or a tweet, not the wallet's official website.
  • The store listing's URL doesn't match the specific App Store / Play Store URL that the official wallet's download page links to. Verify the URL matches before installing.
  • Sideload required ("download our APK from this Telegram link") — major red flag.

How to verify safely

  1. Always download wallets from the wallet's official website, then click through to the App Store / Play Store link.
  2. Verify the developer name in the app store. Real MetaMask is published by "ConsenSys Software Inc." Trust Wallet by "Six Days LLC." Mismatches mean it's not the real one.
  3. Use a hardware wallet for large balances. Even compromised software can't sign without the hardware confirmation.
  4. Never enter a seed phrase into a freshly installed app from an untrusted source.
  5. Check the app's website domain age. Real wallets have years-old domains; clones are recent.
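
The link and developer-name comparison from steps 1 and 2, as an added example that is not part of the original page. The function names and the sample links are assumptions made for illustration, and the app ids are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The only hosts accepted as store listings (exact match, so lookalike hosts fail).
STORE_HOSTS = {"play.google.com": "play", "apps.apple.com": "ios"}

# Constructed sample links; the ids are placeholders, not real apps.
OFFICIAL_PLAY = "https://play.google.com/store/apps/details?id=com.example.wallet"
OFFICIAL_IOS = "https://apps.apple.com/us/app/example-wallet/id0000000001"

def store_app_id(url):
    """Return (store, app_id) for a store listing URL, or raise ValueError."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or host not in STORE_HOSTS:
        raise ValueError(f"not an official store link: {host or url!r}")
    store = STORE_HOSTS[host]
    if store == "play":
        # Play listings carry the package name in the ?id= query parameter.
        ids = parse_qs(parts.query).get("id", [])
        if len(ids) != 1 or not parts.path.startswith("/store/apps/details"):
            raise ValueError("Play link has no single app id")
        return store, ids[0]
    # App Store listings end in a path segment of the form id<digits>.
    match = re.search(r"/id(\d+)$", parts.path.rstrip("/"))
    if not match:
        raise ValueError("App Store link has no app id")
    return store, match.group(1)

def same_listing(official_url, candidate_url):
    """True only if both are genuine store links pointing at the same app id."""
    try:
        return store_app_id(official_url) == store_app_id(candidate_url)
    except ValueError:
        return False

def developer_matches(expected, shown):
    """Exact comparison: a near-identical publisher name does not pass."""
    return shown.strip() == expected

if __name__ == "__main__":
    candidates = [
        OFFICIAL_PLAY + "&hl=en",  # same app, extra locale parameter
        "https://play.google.com/store/apps/details?id=com.example.wallet.pro",
        "https://play.google.com.example.net/store/apps/details?id=com.example.wallet",
    ]
    for link in candidates:
        print(same_listing(OFFICIAL_PLAY, link), link)
```

Paste the link from the wallet's official website as `official_url` and the link you were actually sent or found as `candidate_url`; anything other than `True` means the listing is not the one the wallet's own site points to.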

If you imported your seed phrase

  • The seed is compromised. Generate a new wallet immediately on a clean device.
  • Move all assets from the old wallet to the new one as quickly as possible.
  • Uninstall the malicious app and report it to Apple / Google.
  • Check for additional malware if you sideloaded — consider a factory reset.
  • Report the app and developer name to Chainabuse.
  • Watch for recovery scam DMs. Block proactively.

What not to do

  • Do not trust app-store presence as validation.
  • Do not enter your seed phrase in any app you didn't install via the wallet's official website link.
  • Do not sideload wallet APKs unless you genuinely know what you're doing and have verified the source signature.
  • Do not keep using the compromised wallet "until later."

Where to report

  • FTC: reportfraud.ftc.gov — the broadest US fraud intake; reports flow to thousands of law-enforcement agencies.
  • FBI IC3: ic3.gov — the right destination when the scam is internet-enabled (phishing, BEC, romance, crypto).
  • CFPB: consumerfinance.gov/complaint — for complaints about banks, money transmitters, payment apps, credit cards, debt collection.
  • IdentityTheft.gov — if any identity information (SSN, driver's license, account credentials) was shared.
  • Your bank or payment platform. Call the number on the back of your card or use the app's in-product help. Time matters — wires can sometimes be recalled within hours; ACH and Zelle are harder but worth trying.