Apple App Store’s Security Breached by Fake Rabby Wallet Scam

As the crypto community navigates the minefield of fake Rabby Wallet apps, FixedFloat deals with a major security breach which resulted in the theft of at least $26 million worth of BTC and ETH.

Crypto crime wreaked havoc over the past weekend. A deceptive app named "Rabby Wallet & Crypto Solution" on the Apple App Store caused huge financial losses for users. Despite multiple reports, the fake app remained available for days, with victims losing large amounts of money and crypto. Additionally, the decentralized crypto exchange FixedFloat suffered a security breach, resulting in the theft of at least $26 million in Bitcoin and Ethereum, causing the platform to go offline. In Australia, a federal police officer has been accused of stealing Bitcoin from a hardware wallet seized during a drug raid.

The Fake Rabby Wallet's Trail of Losses

A fake version of the Rabby Wallet, a crypto wallet application developed by DeBank, recently caused some major distress among Apple App Store users. The deceptive application, operating under the name "Rabby Wallet & Crypto Solution'' by "Solution Development," has been available on the App Store for at least four days, despite multiple reports from users about it being fraudulent. The authentic Rabby Wallet team confirmed on Feb. 16 that any version of the app currently available on the App Store is fake, as their official app is still under review.

The situation escalated as users, tricked by the imposter app, reported big financial losses. Concerned people took to various platforms, including Reddit and the Apple discussion board, to share their experiences and warn others.

Victims of the scam have already lost large amounts of money, with one user claiming a loss of $5,000 and another stating that 10% of their cryptocurrency portfolio was wiped out due to the fake app. A report also came from an NFT collector known as 'bthemouth,' who found their wallets emptied after the fraudulent app obtained their seed phrase, leading to a loss of nearly 14 ETH, valued at around $40,000.

Naturally, the incident has sparked outrage and disbelief among the crypto community, particularly due to the expectation of security within the Apple Ecosystem. It has raised questions about the effectiveness of Apple's app vetting process, especially considering this is not the first time a fake Rabby wallet app appeared on the App Store.

Similar incidents were reported in October and December of last year, alongside a recent case involving a counterfeit Curve Finance app discovered on Feb. 14. Furthermore, in November of last year, a fake Ledger Live app managed to steal almost $600,000 after infiltrating Microsoft’s app store.

FixedFloat Compromised in Multi-Million Dollar Exploit

Meanwhile, the decentralized crypto exchange FixedFloat has suffered a major security breach, resulting in the theft of at least $26 million worth of Bitcoin (BTC) and Ethereum (ETH). This incident came to light after users began experiencing frozen transactions and reporting missing funds on the platform's social media page on X. On-chain data revealed that over 400 BTC and more than 1,700 ETH were siphoned off from the exchange on Feb. 18. Initially, the exchange team referred to the unusual outflows as "minor technical problems" and took the platform offline for maintenance.

The team later confirmed the hack and theft of funds, acknowledging the breach while assuring users of their ongoing efforts to address vulnerabilities, enhance security measures, and conduct a thorough investigation. They have yet to provide specifics on how exactly the attackers managed to compromise the exchange. The FixedFloat website has also been displaying an error message, further indicating a pause in operations.

FixedFloat is known for its user-friendly approach, allowing trades without the need for registration or KYC verifications, and for integrating the Lightning Network for Bitcoin transactions. The platform is very popular in the United States, with a big portion of its web traffic originating from there.

The crypto industry has seen various forms of security incidents, from sophisticated supply chain attacks to ransomware targeting high-profile entities. The incident at FixedFloat now only adds to the growing list of security breaches in the crypto space.

Policeman Allegedly Steals Bitcoin from Raid

The down under also had its own run-in with crypto crime over the past weekend. The National Anti-Corruption Commission (NACC) in Australia has leveled serious allegations against a federal police officer, accusing him of manipulating a crime scene to steal Bitcoin from a hardware wallet.

The incident unfolded during a drug raid at a residence, where authorities discovered a Trezor hardware wallet containing 81.62 Bitcoin, valued at approximately $309,000 at the time of the raid in 2019. This amount has since appreciated to around $4.2 million. The officer, identified as William Wheatley, is accused of transferring the Bitcoin to his own possession soon after the raid, despite authorities waiting nearly three weeks to secure court permission to access the wallet, which was then found empty.

The initial suspicion fell on an associate of a crime syndicate, especially after the discovery of a device containing the seed phrase for the wallet, essential for its recovery. However, Detective Sergeant Deon Achtypis of the cybercrime squad later linked the theft to Wheatley through an investigation into IP addresses associated with the stolen Bitcoin, utilizing crypto tracing software.

This software has certainly become a very essential tool for law enforcement worldwide, helping them in the tracking and recovery of illicit digital assets. In fact, advancements in this technology have greatly increased the rate of recovery for stolen crypto, with over $674 million recovered from more than 600 hacks in 2023 alone.

Wheatley is now facing charges of exploiting his position for personal gain, theft, and involvement with proceeds of crime, vehemently denying the accusations and preparing to contest the charges. This case forms part of the much broader concerns over crypto security, especially highlighted by Trezor's recent admission of a security breach affecting almost 66,000 users due to unauthorized access to a third-party support portal.