The fraudster published a mobile application on Google Play under the guise of a legitimate exchange app, although the exchange had no official application at all. For greater credibility, the application's positive rating was artificially “boosted”.
Within a few days of appearing on the service, the application was downloaded more than 1000 times, despite the appearance of the first negative reviews. After several complaints, the app was removed from Google Play.
The malicious application works on a simple principle: the user enters their login data for the exchange into it. The scammers targeted users without two-factor authentication; the attackers then gained access to the account, changed the password and withdrew the funds.
The victim contacted us after installing such a crypto exchange application and losing a significant amount.
Our compliance officer collected all available information, but it was not enough. After the application was removed, the Google Play service did not respond to the corresponding request for information about the intruders.
The account on the exchange was restored via e-mail access, but without a criminal case being initiated and with insufficient information, it was also not possible to obtain an official response from the exchange.
Analysis of the blockchain addresses to which the funds were withdrawn led, through several transit addresses, to a DEX (decentralized exchange). Because a DEX has no central authority, it was not possible to obtain additional data.
Chance to recover stolen funds