More than 13K Android and iOS crypto wallets compromised by malicious app: SlowMist


Blockchain security experts have flagged a malicious mobile app that stole sensitive wallet data from users’ devices and drained more than $1.8 million in cryptocurrency.

According to blockchain security firms SlowMist and OKX Web3 Security, a fake app called BOM secretly stole more than $1.82 million in crypto by accessing users’ private keys and mnemonic phrases. In a 27 February research report, SlowMist said that the first unauthorized transaction linked to the app was seen on 14 February.

Analysis of stolen fund movement from BOM's maker across several DEXs. Source: SlowMist

On-chain analysis identified the main leaks, which revealed that BOM was actually a scam app that lured victims into granting file access. Once access was granted, the app scanned the device storage, collected the wallet data, and sent it to a remote server.

The app requested unnecessary permissions, such as access to photos and media, behavior that security experts called “highly suspicious.”

“On iOS, the app first requests permissions, tricking users with a message claiming this is necessary for general operation. This behavior is highly suspicious; as a blockchain-related application, it has no valid reason to need access to the photo gallery.”

SlowMist

SlowMist tracked the stolen funds across several blockchains. It estimated that the main hacker address (0x49adddddddddddd3e…) stole assets from at least 13,000 victims and moved the money through BNB Chain, Ethereum, Polygon, Arbitrum and Base.

The stolen crypto included Tether (USDT), Ethereum (ETH), Wrapped Bitcoin (WBTC), and Dogecoin (DOGE).

Although it is unclear who is behind the scheme, SlowMist analysts stated that the app's backend services were offline during the analysis, suggesting that the attackers are already trying to cover their tracks. Some funds were swapped on decentralized exchange platforms such as PancakeSwap and OKX-DEX.


