Exposing the fake wallet industry in the crypto market

Today the concept of blockchain is widely known, and digital wallets have become the main way people learn about and take part in the blockchain ecosystem. Driven by profit, however, some people take the criminal path of making and distributing fake wallets. There are now large numbers of fake wallet websites and applications on the Internet; they have become a “stumbling block” for newcomers and pose a huge potential risk to personal assets.

This article exposes what fake wallets are, the harm they do, how they are produced and distributed, and related fraud methods, so that users fully understand the harm caused by using and spreading fake wallets, become better at identifying fake wallets and fake official websites, and can keep control of their assets safely.

What is a fake wallet

A fake wallet is made when fraudsters decompile a genuine wallet APK or IPA, add code that steals the private key and mnemonic data when a wallet is created or imported, repackage it, and distribute it online to lure users into downloading it. Once a user downloads and uses the fake wallet, the private key and mnemonic data are automatically synchronized to the fraudster’s server, where the account is monitored. As soon as a large amount of assets is detected, the assets are stolen immediately or a malicious multi-signature is set up, which eventually leads to asset theft.

You can check the wallet's version number, hash value and other data on the download page of the TokenPocket official website. Any client that does not match the official version's data is a fake wallet. You can verify the authenticity of the wallet by following the installation package hash verification tutorial.

Genuine TokenPocket Verification Method:

1️⃣Official website verification:

2️⃣ Text Tutorial:

3️⃣ Video Tutorials:

Note: For genuine TP Wallet, please look for the developer: TP Global Ltd
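The installation-package hash check described above can be scripted. This is an added example, not code from the original article or from TokenPocket; because the page does not name the hash algorithm the download page publishes, the script infers it from the digest length (an assumption), and the sample files are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Hex digest length -> algorithm. Assumption: the page does not say which
# hash the download page publishes, so infer it from the digest length.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def normalise_digest(published: str) -> str:
    """Strip spaces/colons and lowercase; reject anything that is not hex."""
    cleaned = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned) or len(cleaned) not in ALGO_BY_HEX_LEN:
        raise ValueError("published value is not a recognised hex digest")
    return cleaned

def file_digest(path: str, algo: str, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large APK/IPA files need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_package(path: str, published: str) -> bool:
    """True only if the file's digest equals the published one (fails closed)."""
    expected = normalise_digest(published)
    actual = file_digest(path, ALGO_BY_HEX_LEN[len(expected)])
    return hmac.compare_digest(actual, expected)

def demo() -> tuple[bool, bool]:
    """Constructed sample: a stand-in 'package' and a repackaged copy of it."""
    body = b"constructed sample package bytes"
    with tempfile.TemporaryDirectory() as tmp:
        genuine = os.path.join(tmp, "wallet.apk")
        tampered = os.path.join(tmp, "wallet-repacked.apk")
        with open(genuine, "wb") as fh:
            fh.write(body)
        with open(tampered, "wb") as fh:
            fh.write(body + b"\x00extra code")  # any added byte changes the hash
        published = hashlib.sha256(body).hexdigest().upper()
        return verify_package(genuine, published), verify_package(tampered, published)

if __name__ == "__main__":
    print(demo())
```

The published value must be copied from the official download page itself; a hash shown on the same site that served the package proves nothing if that site is the fake one.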

The serious harm caused by fake wallets

Third-party channel data:

The Trend+ research team found fake versions of all the most popular crypto wallet apps, including TokenPocket, imToken, MetaMask, Trust Wallet, and Bitpie. The researchers said they found a total of 249 fake apps, which were downloaded by victims around the world, including in the United States, France, Germany, Australia, New Zealand, and Japan.

Source: Trend+ Security Team

According to incomplete statistics, as of 2021 tens of thousands of people had had assets stolen after downloading fake wallet apps, and the amount stolen was as high as $1.3 billion. These figures are still growing explosively.

According to statistics collected from victims who contacted MistTrack, 61% of the thefts were caused by downloading fake wallet apps and private key leakage accounted for 28%; other causes include authorization theft, fraud, and contract vulnerabilities.

Source: SlowMist Security Team

The Bitrace team has been paying attention to the crime of coin theft for a long time, and has conducted special analysis, tracking and reporting on this kind of fake wallet multi-signature scam.

The main symptoms of a malicious multisig set on a TRON wallet through a fake wallet are that the user can no longer use their own cryptocurrency wallet app normally: outgoing transfers fail with an error and other on-chain contracts cannot be called, while incoming transfers work normally. Finally, the assets in the account are transferred away in one go. Investigation found that the key was leaked by downloading a fake wallet app, after which the thief illegally changed the account permissions.

Data source: CryptoChase Security Team
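The permission change behind these symptoms can be checked from the account's permission record. This is an added example, not code from the original article or from the teams it cites; it assumes the account JSON has the shape shown in the constructed sample (an owner permission and active permissions, each with a threshold and weighted keys), and every address is a placeholder.

```python
# Constructed sample in the assumed shape of a TRON account record.
# All addresses are placeholders, not real accounts.
SAMPLE_ACCOUNT = {
    "address": "T_USER_PLACEHOLDER",
    "owner_permission": {
        "permission_name": "owner", "threshold": 2,
        "keys": [{"address": "T_USER_PLACEHOLDER", "weight": 1},
                 {"address": "T_UNKNOWN_PLACEHOLDER", "weight": 1}],
    },
    "active_permission": [{
        "permission_name": "active", "threshold": 1,
        "keys": [{"address": "T_UNKNOWN_PLACEHOLDER", "weight": 1}],
    }],
}


def audit_permissions(account: dict, trusted: set[str]) -> list[str]:
    """Return findings where keys outside `trusted` hold weight, or where the
    trusted keys alone can no longer reach the permission threshold."""
    findings = []
    perms = [account.get("owner_permission")] + list(account.get("active_permission", []))
    for perm in filter(None, perms):
        name = perm.get("permission_name", "?")
        threshold = perm.get("threshold", 1)
        keys = perm.get("keys", [])
        foreign = sorted(k["address"] for k in keys if k["address"] not in trusted)
        trusted_weight = sum(k.get("weight", 0) for k in keys if k["address"] in trusted)
        if foreign:
            findings.append(f"{name}: untrusted key(s) {', '.join(foreign)}")
        if trusted_weight < threshold:
            # The owner can no longer sign alone: matches "cannot transfer out".
            findings.append(f"{name}: trusted weight {trusted_weight} < threshold {threshold}")
    return findings


if __name__ == "__main__":
    for line in audit_permissions(SAMPLE_ACCOUNT, {"T_USER_PLACEHOLDER"}):
        print(line)
```

An empty result means only the trusted addresses hold signing weight; any finding on an account that never set up multisig deliberately points to a leaked key.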

The data from the Coinchasing, SlowMist and Trend+ security teams shows how deep the harm of fake wallets goes and how large the defrauded amounts are. These frauds are spread through various means, and a huge industrial chain has formed behind them. Fake wallet scams reach a wide range of users and cause them serious financial damage.

Fake wallet production and distribution channels

1. Search engine channel:

Search tools are an extremely common channel for obtaining information in daily life. Because they are so widely used, scammers exploit people’s usage habits and search ranking optimization to spread their fraud. The data shows that scammers manipulate search engine results to increase the exposure of fake information, putting fraudulent content such as fake wallet source code at the top of users' search results and increasing the likelihood that it is viewed or passed on.

For example, searching for [TP Wallet Source Code] on Google and Baidu returns results such as the following:

[Screenshot: Baidu search results]

[Screenshot: Google search results]

2. Video communication channels

Video platforms have increasingly become a major channel for spreading fake wallets, with an obvious recent upward trend, making them another “bright spot” for fraudsters after fake official websites. Video is highly persuasive and therefore especially harmful to new users. The following is part of the content shown in the search results.

3. Social platform channels

Fake wallet source code is also spread through social platforms, especially QQ, WeChat and Telegram communities. Taking advantage of the wide user base of social platforms, fraudsters hand out tutorials and promotional material for fake wallet source code in groups, and even lure users into helping distribute fake wallets or their source code, sharing the profits in proportion to distribution performance or to the assets stolen.

Here are some of the communities where malicious source code or asset theft techniques are spread.

Disseminating fake wallet source code and building fake wallets from it is the root cause of the spread of fake wallets. The channels above show that the current situation is not optimistic. Scammers have made full use of the mainstream channels of online communication to form a complete industrial chain. This poses a huge threat to the entire blockchain environment, as information about fake versions of almost every major wallet can be found on the web.

Fake wallet propagation channels

Baidu is the most used search engine on a daily basis, with a historical market share of 84.3%, followed by Bing and Sogou. The search engine market share data is as follows:

The results for TP wallet on the top four search engines are as follows:

[Screenshot: Baidu search results]

[Screenshot: Bing search results]

[Screenshot: Sogou search results]

[Screenshot: Google search results]

The search data above shows that fake wallet fraud has spread widely across the mainstream search platforms. These scams often spread fake wallets by forging links to official websites, creating fake videos, or using other means of luring users.

We strongly recommend that users stay security-aware and make sure to visit the TP Wallet official website (tokenpocket.pro, tpwallet.io) or other officially recommended channels (Google Play, etc.). Using a genuine wallet is the most basic guarantee of asset security.

How to prevent fake wallets

Downloading and verifying a wallet is basic knowledge that everyone in the blockchain space should have. It is just as important to develop good usage habits, especially for decentralized self-custody products, and to always choose official channels. Here are some tips to help reduce your risk of fraud.

  1. Choose search results carefully: Avoid relying on the recommended results in search engines, as fraudsters may promote fake wallets by forging links to official websites, making fake videos, or using other deceptive tactics. Using a link to the official website is the safest option.

  2. Verify the official URL: Only use the official URL to access the wallet. For TokenPocket users, make sure you only use tokenpocket.pro, tpwallet.io or other officially recommended channels (Google Play, etc.).

  3. Use enhanced security products: TokenPocket supports a range of security products, such as cold wallets, hardware wallets, multisig wallets, AA smart wallets, Passphrase hidden wallets, NFC backup cards, privacy wallets, etc. These features or products provide an additional layer of security and are decisive for the security of the asset.

  4. Strengthen learning: Keep learning about blockchain wallet security and anti-fraud practices, and stay vigilant against new fraud methods. By taking these precautions, users can minimize potential risks such as using fake blockchain wallets and ensure the safety of their digital assets.

Asset Security Recommendations

When using a decentralized self-custody wallet, the thing to fear most is being put off by steps that seem cumbersome: for example, the private key and mnemonic phrase must be backed up offline, stored safely, and never lost or leaked (an NFC backup card is one offline backup option). Security matters most: from small-transfer phishing scams to fake wallets, malicious authorizations and malicious multi-signatures, any careless slip can put assets at risk.

This is especially true on the Android client, where the platform's openness makes it easy for malicious apps to obtain extra permissions. Therefore, do not casually use unofficial blockchain-related products, and never store private keys or seed phrases on any online platform, so that your assets stay away from potential threats. In the world of digital assets, it is crucial to remain vigilant and cautious at all times.
