Connect with us

Crypto

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Published

on

Crypto Scam App Disguised as WalletConnect Steals K in Five-Month Campaign

Sep 28, 2024Ravie LakshmananCryptocurrency / Mobile Security

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months.

The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it.

“Fake reviews and consistent branding helped the app achieve over 10,000 downloads by ranking high in search results,” the cybersecurity company said in an analysis, adding it’s the first time a cryptocurrency drainer has exclusively targeted mobile device users.

Over 150 users are estimated to have fallen victim to the scam, although it’s believed that not all users who downloaded the app were impacted by the cryptocurrency drainer.

Advertisement
Cybersecurity

The campaign involved distributing a deceptive app that went by several names such as “Mestox Calculator,” “WalletConnect – DeFi & NFTs,” and “WalletConnect – Airdrop Wallet” (co.median.android.rxqnqb).

While the app is no longer available for download from the official app marketplace, data from SensorTower shows that it was popular in Nigeria, Portugal, and Ukraine, and linked to a developer named UNS LIS.

The developer has also been associated with another Android app called “Uniswap DeFI” (com.lis.uniswapconverter) that remained active on the Play Store for about a month between May and June 2023. It’s currently not known if the app had any malicious functionality.

Crypto Scam App

However, both apps can be downloaded from third-party app store sources, once again highlighting the risks posed by downloading APK files from other marketplaces.

Once installed, the fake WallConnect app is designed to redirect users to a bogus website based on their IP address and User-Agent string, and if so, redirect them a second time to another site that mimics Web3Inbox.

Users who don’t meet the required criteria, including those who visit the URL from a desktop web browser, are taken to a legitimate website to evade detection, effectively allowing the threat actors to bypass the app review process in the Play Store.

Besides taking steps to prevent analysis and debugging, the core component of the malware is a cryptocurrency drainer known as MS Drainer, which prompts users to connect their wallet and sign several transactions to verify their wallet.

Advertisement
Crypto Scam App

The information entered by the victim in each step is transmitted to a command-and-control server (cakeserver[.]online) that, in turn, sends back a response containing instructions to trigger malicious transactions on the device and transfer the funds to a wallet address belonging to the attackers.

“Similar to the theft of native cryptocurrency, the malicious app first tricks the user into signing a transaction in their wallet,” Check Point researchers said.

“Through this transaction, the victim grants permission for the attacker’s address 0xf721d710e7C27323CC0AeE847bA01147b0fb8dBF (the ‘Address’ field in the configuration) to transfer the maximum amount of the specified asset (if allowed by its smart contract).”

In the next step, the tokens from the victim’s wallet are transferred to a different wallet (0xfac247a19Cc49dbA87130336d3fd8dc8b6b944e1) controlled by the attackers.

Cybersecurity

This also means that if the victim does not revoke the permission to withdraw tokens from their wallet, the attackers can keep withdrawing the digital assets as soon as they appear without requiring any further action.

Check Point said it also identified another malicious app exhibiting similar features “Walletconnect | Web3Inbox” (co.median.android.kaebpq) that was previously available on Google Play Store in February 2024. It attracted more than 5,000 downloads.

“This incident highlights the growing sophistication of cybercriminal tactics, particularly in the realm of decentralized finance, where users often rely on third-party tools and protocols to manage their digital assets,” the company noted.

Advertisement

“The malicious app did not rely on traditional attack vectors like permissions or keylogging. Instead, it used smart contracts and deep links to silently drain assets once users were tricked into using the app.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Crypto

Senate Urged to Vote on CLARITY Act Before August Recess as Lawmakers Return July 13

Published

on

Senate Urged to Vote on CLARITY Act Before August Recess as Lawmakers Return July 13

Key Takeaways

Limited July Schedule Raises Urgency for Floor Vote

Efforts to pass a federal crypto market-structure bill have entered a critical phase as the Senate remains in recess until July 13. The advocacy group Stand With Crypto on July 1 urged supporters to contact Senators and push for a floor vote on the Digital Asset Market Clarity Act, or CLARITY Act, before lawmakers leave for the August recess.

The timeline leaves a narrow window for action following months of committee work and industry lobbying. Supporters say the bill would reduce regulatory uncertainty by establishing clearer federal rules for digital asset issuers, trading platforms, developers, and market participants.

“The Senate is in recess. The clock on Clarity is running,” Stand With Crypto noted on X, adding:

“The window before the August recess is short, and when Senators return on July 13, they can vote on the Clarity Act to end years of regulatory guesswork. Don’t let the window close. Call your Senators to schedule a vote on Clarity.”

The legislation advanced in June when the Senate Banking Committee approved H.R. 3633 in a bipartisan 15-9 vote. The bill outlines agency oversight, registration pathways for crypto firms, consumer protections, and compliance standards across digital asset markets.

Lawmakers return to Washington on July 13 after the Independence Day recess, leaving Congress with just eight legislative business days before the planned August recess. The compressed schedule gives lawmakers limited time to consider the CLARITY Act alongside annual defense and government funding legislation.

Industry Groups Increase Pressure on Senate Leadership

Industry advocacy has intensified as the legislative calendar tightens ahead of the 2026 midterm elections. More than 200 organizations, including Coinbase, Ripple, Kraken, Circle, Binance.US, Uniswap Labs, Paradigm, Andreessen Horowitz, and Stand With Crypto chapters, have urged Senate leaders to bring the bill to the floor.

Advertisement

Mason Lynaugh, policy director at Stand With Crypto, said:

“There’s a limited window to get this done, with few remaining days left in the current Congress before the midterm elections. If Senate leaders don’t schedule a CLARITY Act vote in the coming weeks, an enormous amount of bipartisan work, compromise, and progress, could be wasted.”

Ripple has also promoted the effort in Washington, D.C., including a branded CLARITY truck near Capitol Hill to raise visibility as lawmakers consider crypto legislation.

Stand With Crypto cited polling showing nearly three-quarters of surveyed crypto owners in Senate battleground states are more likely to support candidates who favor clearer cryptocurrency rules. The group also reported that more than one-third of respondents use digital assets for personal transfers, while 21% use them for monthly expenses.

Despite the momentum, analysts remain cautious. Galaxy Research lowered its 2026 passage estimate for the CLARITY Act to 50-50 from 60%, citing the absence of a scheduled Senate floor vote, no motion to proceed, and no unified text between Senate committees.

Advertisement
Continue Reading

Crypto

Trump denies conflict of interest over crypto. And, Vatican excommunicates rebel group

Published

on

Trump denies conflict of interest over crypto. And, Vatican excommunicates rebel group

Good morning. You’re reading the Up First newsletter. Subscribe here to get it delivered to your inbox, and listen to the Up First podcast for all the news you need to start your day.

Today’s top stories

President Trump’s financial disclosures reveal that he and his family earned more than $1 billion through cryptocurrency ventures and other businesses last year, according to a 927-page report filed with the Office of Government Ethics. The report shows that more than $500 million came from the cryptocurrency venture “World Liberty Financial,” which was co-founded by Trump family members. The sale of souvenir “meme” coins featuring Trump’s image generated more than $600 million. Other income included more than $50 million from settlements with media companies and millions in profits from Trump-branded products like Bibles, sneakers and watches. These earnings, which have outpaced his real estate business, have sparked concerns about potential conflicts of interest. The White House released a statement denying any conflicts of interest, and spokesperson Anna Kelly applauded Trump for making the U.S. “the crypto capital of the world.”

President Trump walks to board Air Force One as he departs Bismarck Municipal Airport on July 1, 2026, in Bismarck, North Dakota. Trump traveled to North Dakota to attend the Theodore Roosevelt Presidential Library dedication.

Andrew Harnik/Getty Images


hide caption

Advertisement

toggle caption

Andrew Harnik/Getty Images

  • 🎧 Democrats have had a lot to say regarding the president’s earnings, NPR’s Linda Kenyon tells Up First. Sen. Adam Schiff of California suggested Trump has earned more money in the first year of his current term than in the rest of his life combined. Rep. Jason Crow of Colorado referred to the president’s cryptocurrency earnings as another example of what he described as “grift and corruption.” Crow also highlighted that the president took his first flight yesterday on a brand-new Air Force One, a gift from a foreign government valued at roughly $400 million.

The Vatican this morning formalized the excommunications of the bishops and priests of the conservative group known as the Society of St. Pius X, declaring that it has entered schism and broken communion with the pope and the Catholic Church. The group, known as SSPX, celebrates the traditional Latin Mass and opposes some modern church reforms. In the Catholic Church, the appointment of new bishops is the responsibility of the pope. But yesterday, the group defied Pope Leo XIV by consecrating four bishops without his approval. The Society framed its actions as a defense of Catholic tradition. During the ceremony, the Rev. Davide Pagliarani, head of the Society of St. Pius X, described the consecrations as an act of service rather than rebellion. Two of the excommunicated men teach in the U.S., where the group’s membership has been growing, according to the society.

A little over a week has passed since rare double earthquakes struck Venezuela. Thousands of people are feared dead as the official death toll continues to rise and hope diminishes for finding survivors in the rubble. Yesterday, the number of people killed by the quakes reached 2,295, and more than 11,200 people were injured, said Jorge Rodríguez, the president of Venezuela’s National Assembly. Tens of thousands of people remain unaccounted for. The number of people left homeless could be staggering. An analysis of satellite data by Corey Scher and Jamon Van Den Hoek from Oregon State University estimated that 58,870 buildings were likely damaged or destroyed by the earthquakes. The U.N.’s International Organization for Migration has reported that up to 6.8 million people could be affected by the disaster, needing shelter, water, sanitation, healthcare and other relief items. Here are the most significant developments since the tragedy occurred.

Advertisement
Continue Reading

Crypto

Robert Kiyosaki Says Spiritual Mission Led Him to Financial Education

Published

on

Robert Kiyosaki Says Spiritual Mission Led Him to Financial Education

Key Takeaways

The Question That Changed Robert Kiyosaki’s Path

Robert Kiyosaki, author of the best-selling personal finance book Rich Dad Poor Dad, said the turning point began years ago while listening to an Indian guru. The guru told him, “Your body’s mission is to fulfill your spirit’s mission,” Kiyosaki wrote on X on July 1. He added that the sentence forced him to examine whether his work matched a deeper purpose.

“His words shook me. At the time my body was busy making money,” Kiyosaki said. That conflict became the central issue in his reflection: whether financial success alone could define a life’s work.

Why Teaching Became the Mission

Kiyosaki said the answer took years to understand. “It finally came to me that my spirit’s mission was to teach what my body was to do was to be a teacher… which was the last thing I thought I would ever become… just because I failed in school and hated school.”

He said the realization prompted him to leave manufacturing more than 50 years ago and begin teaching lessons he learned from his “rich dad,” shifting his career from manufacturing to financial education. Instead of focusing on producing goods, he redirected his energy toward sharing financial principles he believed were missing from traditional education.

The acclaimed author said he was ridiculed for years for teaching ideas such as “Savers are losers” and “Debt can make you rich.” Despite the criticism, he said he continued teaching because he believed traditional schools failed to educate people about money.

“My life changed.”

What Question Does Kiyosaki Leave Open

Kiyosaki said one way to find purpose is to ask, “What does my heart want to do to serve humanity?” He said he began teaching for free before the work became commercial.

Advertisement

“That free education turned into a multimillion-dollar business and expanded throughout the world,” he wrote. He closes by encouraging readers to reflect on their own purpose, asking:

“What is your spirit’s mission?”

Beyond discussing purpose, Kiyosaki’s recent posts have continued to focus on economic risks. He has warned of a possible market downturn, advocated owning assets such as gold, silver, bitcoin, and ethereum, and said he is waiting for lower prices before making additional purchases.

Continue Reading
Advertisement

Trending