Thankfully the App Store doesn't allow side loading, because it completely stops fraud like this. At least that's the number one reason why I keep getting told if we allow side loading this will happen.
Are there more web3 scams in the App Store or on the open internet? Not defending Apple, but it's kind of a strawman to claim they said it stops 100% of fraud and abuse. That's like saying seatbelts don't work because people still get hurt in car crashes.
Apple are pretty bad for this and I don't think it's the first time it's happened. A lot of the problem is that if you search for some app in the iOS App Store, the top result is a paid ad and the established app you want is the second result, so people who don't know that click on the top one and lose their funds.
Also they should check the app but wallet security is tricky - you can put subtle vulnerabilities in that are hard to spot.
The App Store is totally safe, so I don't need to think about what I download or do any due diligence!
And don't you think it's a strawman to compare only being able to install "approved" ($100/year for Apple) software to a seatbelt? There is no use case for not wearing a seatbelt. That is not true for being able to install software.
Plenty of people disagree that there is no use case for not wearing a seatbelt. That you find it impossible to imagine makes it an even better analogy, actually.
People can disagree with whatever, everyone is allowed to be stupid.
But most reasonable people agree there's no tangible use case for not wearing a seatbelt. There are infinite tangible use cases for using software outside the App Store, which reasonable people can all acknowledge.
Eh, kinda a weak argument. Too easy to counter with "but sideloading would let that happen more!" That might even be right, and a difference in amount is important. There will never be a totally secure system, after all.
I think the actual problem is with how the App Store changes the way people think about and relate to software. The fact is, running code on your computer is dangerous. You are trusting it with control over its operations. The responsible thing to do is provide platform-level safeguards (permissions systems, sandboxing) and engender a general understanding that you should only run an app vetted by someone you would hand your phone to.
This is fundamentally incompatible with software as a market, of course, so this path will never be taken.
If they did, we’d be reading about such cases daily.
Source article: https://www.coindesk.com/business/2026/04/14/a-fake-ledger-a...
Choice quote:
> Blockchain investigator ZachXBT later traced the stolen 5.92 BTC [0], showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.
Ah, there's nothing else quite like a Seychelles-based cryptocurrency exchange which was booted from the US for facilitating money laundering. This is good for Bitcoin.
[0]: https://t.me/investigations/313#
So certainly the DUNS, phone number, and physical address information will give up the perpetrators, thank goodness for Apple developer registration.
Entering your seed phrase with that much money on a phone is really nonsense :/
> people entered their seed phrases into the app, then discovered their wallets were immediately drained.
Why did they cash out immediately? Wouldn't it be much smarter to send the seed phrase to a server and stay undetected for longer just collecting seed phrases until you sweep them all at once?
Maybe they had a check to determine the total value of all collected seeds and then triggered auto sweeps from a certain threshold to guarantee a minimum.
Not sure what the game theory optimal way of stealing is!
That would make sense.
But perhaps they just made a transaction directly from the app to a hardcoded address. Not making any additional network requests might decrease the chance of being flagged by automated systems in the App Store review process. Then again, you could just disguise these requests as ordinary blockchain connections.
I'm probably overthinking this and it was just a quick and dumb money grab.
Game theory of cybercrime is way too interesting.
A bird in the hand is worth much more than ten in the bush. The 'collect and sweep' strategy is extremely risky because seeds are perishable. You're racing against the app getting nuked and the users rotating keys.
But would people actually know and rotate keys? The moment the app gets nuked you could grab all the money.
Here is the archived App store page...
https://archive.ph/4RVLf
Unidirectional walled garden.
Apple should be liable for this.
If Walmart sells a dangerous product, even unknowingly, they can be liable. Why are digital stores different?
If Apple were liable for this, you could do a double dip where you use your own fake app to "steal" money from a massive wallet you own and get Apple to pay you back for "your loss". In addition to your other ill-gotten gains.
Only if you made it past Apple's developer review, which is their most public argument for why software must be vetted by Apple first. So are they infallible (preventing the headline and refuting your argument), or is there a point in time when some users know better than Apple, when their developer review does as much harm as good, and the Apple App Store is not the safe haven Apple likes to publicly claim?
That's still fraud.
Of course it is.
Walmart wasn't created late enough in the 2nd gilded age to effectively lobby the government against having any rules
Apple should be on the hook for that. If you moderate, you are responsible for damage.
Censor, not moderate. Let's be honest.
Contact your representative?
I thought that Apple was reviewing each and every app which was the reason that justified them getting a silly 30% margin from all app revenues?
Apple only banned the app because they didn't get a 30% cut of the stolen crypto.
I thought that Apple ecosystem had no bad apps as it prevented sideloading. I have heard that as reasoning to prevent it multiple times here on HN.
"A plane crashed? See! FAA regulations are useless and the agency needs to be disbanded."
The difference is nobody is saying that FAA regulations make plane crashes impossible.
Many people think what Apple is doing makes malware impossible. That's not the case: the App Store has plenty of malware, and it's trivial to get malware on the App Store.
The app store is trying to solve a subset of a subset of a subset of a subset of the problem, and then it doesn't even solve that. Yes, that means it sucks ass as a solution, unfortunately.
Or, to be more clear: the problem space is getting scammed. Apple is only even trying to solve an extraordinarily small subsection of that problem space.
You don't need an app to scam someone. And if you do have an app, it doesn't have to be outside the App Store. And even if it's on the App Store, it doesn't have to be malicious.
Even if Apple did somehow, magically, eliminate malware, there would still exist perfectly legitimate apps that can be used for scamming. And that would only address a tiny part of scamming anyway, because the vast majority of scams are not done using an app.
Does this mean that because seatbelts and air bags exist to save my life in a crash I should be less careful driving?
Like staying warm, it’s all about layers.
If Apple's reviews aren't done correctly, shouldn't we then get reimbursed for the additional 30% paid by the consumer?
I think people are less safe overall because they believe the walled garden is safe and they let their guard down.
hOw WOulD mY graNDparNtS AvOiD getTiNG sCAmmED iF APPLE did nOT locK dOWn evEryThinG ?
Not "investing" in cryptocurrency would be a good start. =)
Apple takes a proactive stance towards apps that can even be used to access adult content. That's why Tumblr had a hard time.
Saying the mere ability to access adult content is very likely to get one shut down, but crypto wallets are fine, feels like a double standard
But have you thought of the children? God forbid they give money to illegitimate scammers when legitimate ones aren't getting enough cash from legal gambling like loot boxes.
ThEY sHoUlD Pay AttENtIoN tO WhAt tHey aR3 d01n6!
This should not have happened. But I have a hard time finding any sympathy for cryptocurrency folks. The quote from the article:
"I lost my retirement fund in a hack/Scam when I switched my Ledger over to my new computer and by accident downloaded a malicious ledger app from the Apple store. All my BTC gone in an instant."
Leaves me really shaking my head. If someone has the knowledge to even buy bitcoin or cryptocurrency, I imagine they have enough knowledge to know how utterly crime-ridden and risky of a speculation it is. It's like if someone decides to put their retirement fund into buying bulk illegal drugs and then selling them at a massive markup. Pretty risky, potential high upside, but given they assessed and then accepted the risk, hard to feel bad when they get robbed of all their drugs and lose their retirement funds.
They only needed it to exist on the app store for a week before stealing millions with zero recourse. These wealthy crypto people need to stop being cheap and hire financial advisors. The only reason for not doing so is if it was gained illegally in the first place.
A lot of people got into crypto because they want to manage their own money. They aren't going to use crypto financial advisors.
> A lot of people got into crypto because they want to manage their own money
uncontrollable laughter