A scam app on the Google Play Store has been found to target web3 users by mimicking a legitimate blockchain protocol. Security researchers from Check Point Research (CPR) identified the scam, which involved an app named “WalletConnect” — deliberately designed to confuse users with the real, open-source WalletConnect protocol used for connecting decentralized apps and wallets.
The app used the genuine WalletConnect logo to further deceive users, positioning itself as a solution to issues with the real protocol, such as its limited support across popular cryptocurrency wallets. Since WalletConnect has no official app in the Play Store, the fake version slipped through unnoticed, resulting in over 10,000 installs.
Although the number of victims is smaller than the number of installs, CPR identified more than 150 cryptocurrency addresses linked to fraudulent transactions. Once installed, users were prompted to link their crypto wallets to the app, believing they were accessing a trustworthy service.
The app then directed users to select a new wallet allegedly compatible with the WalletConnect protocol. At this stage, users were tricked into authorizing transactions that redirected them to a malicious website. The scammers captured all the details of the victims’ wallets and, using smart contracts siphoned valuable tokens from users’ wallets into their own.
According to CPR, this marks the first time a “crypto drainer” has targeted mobile users on such a scale. The app only received around 20 negative reviews on the Play Store from victims, meaning that fake reviews praising the app vastly drowned out the warnings.
The app remained on the Play Store for five months after its launch in March, eventually being removed by Google By that point, around $70,000 in crypto had been stolen from victims.
CPR advises anyone who installed the app to uninstall it immediately from all devices and take appropriate security precautions going forward.