Bitcoin and cryptocurrencies present numerous advantages over the traditional financial systems, including faster transactions, while paying only a fraction of the cost. The decentralized nature, meaning a lack of central authority behind them, has attracted lots of fans, investors, and users over the past decade.
However, this same feature could also display some serious issues if one is not careful. Some of these problems could lead to the loss of funds, as the story of Yaniv reveals (Yaniv’s full details are kept in our system, however, the following screenshots are the actual transactions from the incident).
Although Yaniv had tons of experience in the field, purchasing his first bitcoins in 2013 when the asset cost a few tens of U.S. dollars, the story below shows that no one is immune to mistakes. It also exemplifies that the lack of concentration for seconds could turn into a massive loss and teaches a few valuable lessons newbies and even experienced users need to know.
2 Minutes In Hell: $80,000 In ETH And NEO Gone
Being an active cryptocurrency community member since 2013, Yaniv was aware of the potential risks that could arise from storing digital assets on centralized exchanges. Examples of maybe the most famous incident could be the hack or exit scam of MT.Gox, which used to be the biggest exchange back in 2013.
Yaniv had issues with his Trezor hardware wallet, so he decided to transfer the tokens, ETH and NEO, to a hot wallet until he fixed the problems.
After some research, he concluded that the Exodus wallet would be the most appropriate choice. What attracted him the most was the Android app he found on Google Play that enables access from a smartphone.
This is where the situation turned south, although he didn’t know it yet. Yaniv installed an application dubbed Exodus Wallet Mobile (see screenshot below) that had the logo and description of the original Exodus app. However, it turned out to be a phishing app.
Phishing attacks are when scammers copy a familiar interface of websites such as banks, PayPal’s homepage, or cryptocurrency web and app wallets. If the victim fails to notice the small differences within the site’s URL or app’s developer, he could easily provide sensitive information that the scammers will happily steal in minutes.
Such attacks are becoming dangerously popular within the cryptocurrency field primarily because digital assets are more challenging to track. Additionally, transactions cannot be reversed, unlike credit card payments, for example.
Once Yaniv installed the phishing app on his mobile, he was asked to insert his keys. Once approving, instead of receiving access to his funds, the app shut down. Using his web wallet version of Exodus, Yaniv noticed that in a matter of two minutes, the whole balance was drained out.
At the time of the incident, those coins were worth over $80,000. The image below from the Ethereum blockchain illustrates the transactions to Yaniv’s wallet and the transfer made by the scammers.
The Initial Shock And Community Reaction
Needless to say, dealing with the loss of $80,000 is not a simple and easy task. Yaniv told CryptoPotato that his first reaction was to write a thorough post to the Bitcoin community group on Facebook. He explained the situation and hoped the post would serve as a warning to others not to repeat his mistake.
Yaniv said that he felt the support of most community members. Some even helped with technical advice on how to track the coins after they left his wallet. However, Yaniv doubted it would lead to any practical results.
Nevertheless, some community members displayed cynicism and condemned his mistake. Not exactly what a person in Yaniv’s position needed at that time.
Further tracing of the coins indicated that they ended up on the cryptocurrency exchange – KuCoin. This may present a problem, as the popular exchange doesn’t require a mandatory know-your-customer (KYC) procedure. As such, it’s safe to assume that the scammers haven’t provided their personal information when opening their accounts.
Yaniv noted that he doesn’t intend to give up. He has already contacted the local Israeli law enforcement agencies and has asked anyone who may know any information or share a similar experience to assist in the ongoing investigation.
The Lessons To Extract
Yaniv revealed that he first heard about Bitcoin back in 2013, and after researching, he quickly “fell in love.” He liked the idea of money belonging to the people, instead of centralized authorities. He said that owning digital assets could make people “their own banks” and require a lot of personal responsibility.
Because of this same responsibility, Yaniv didn’t blame it on cryptocurrencies and said he hadn’t lost faith in them. He acknowledged his “rookie” mistake and hope that through his story, people will learn not to show the same lack of concentration even for seconds when transferring and storing their own coins.
Some of the lessons he wanted to pass to the readers include thoroughly checking any wallet application before installing, even if the app is made onto the Google Play or Apple Store.
In his case, he could have been warned by some signs presented on Google Play, such as the number of downloads. While the original Exodus wallet app has over 100,000 downloads, the phishing app had only about a thousand, which could have risen some red flags.
Another critical factor is the app reviews. A brief look below showed that many users had complained about the scammers’ app. It’s worth noting that Google has since removed the phishing app.
Yaniv also wanted to recommend to anyone holding crypto not to “store all eggs in the same basket.” Meaning, they should separate their cryptocurrency holdings into different wallets, preferably hardware wallets. So, in case one wallet is exposed, the other funds are safe.