Fraudsters Post Fake Poloniex Cryptocurrency Trading Apps to Google Store

Security researchers have discovered several fraudulent apps on the Google Play store purportedly tied to the Poloniex cryptocurrency exchange.

AccessTimeIconOct 25, 2017 at 9:00 a.m. UTC
Updated Aug 18, 2021 at 7:17 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Security researchers have discovered at least three fraudulent apps on the Google Play store purportedly tied to the Poloniex cryptocurrency exchange.

An article posted on IT security firm ESET’s news site We Live Security details how two of the apps, respectively called "Poloniex" and "Poloniex Exchange," were put onto the Android app service and downloaded more than 5,500 times before being removed. Reportedly, Poloniex does not have an official Android app.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • The news (as well as the existence of the apps) highlights the cybersecurity pitfalls of cryptocurrency, as the high-dollar value of some digital assets has drawn the attention of would-be fraudsters. In this case, the apps asked Poloniex users to enter their account credentials, granting the fraudsters access to the victim's emails – thus giving them the ability to alter passwords and delete any evidence of outbound transactions.

    ESET wrote in the article:

    "This means the attackers can carry out transactions on the user's behalf, change their settings, or even lock them out of their account by changing their password."

    The researchers could not say how many people may have been adversely affected by the fake apps. The article notes that Poloniex allows users to enable 2-factor authentication (2FA) to protect their accounts from this type of attack. If a user has 2FA enabled, the attackers would not be able to log into an account even with the appropriate credentials.

    The first app, Poloniex, was on Google Play for about three weeks and saw 5,000 downloads before being taken down on Sept. 19, 2017. The second was in the store for a few days and was downloaded 500 times until it, too, was removed.

    As of press time, a third app – "Poloniex - Bitcoin/Digital Asset Exchange" is still available on the Play store, with at least 1,000 downloads to date.

    Theft image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.