Fake Poloniex App Phishing
4 min read

Fake Poloniex Apps Harvest Credentials

By Editorial Team

It has become quite profitable recently to fraudulently steal cryptocurrency from traders. Couple the increased prices of these coins with the number of new users and you have the perfect storm for phishing scams to emerge.

One that was recently discovered involved a fake Poloniex account that was created and launched on the Google Play store. This was first reported by ESET security a few days ago.

The applications were disguised as legitimate apps and were available for download. Once installed, they would ask for the user’s login credentials as well as ask for permission to access their email address. If these users did not have 2FA enabled, their coins were promptly stolen without a trace.

The Danger of Phishing Schemes

It seems that most of the press that is reported on these days will centre on some exchange or cryptocurrency business that has been hacked. However, these are not as likely to occur as a user getting tricked through an elaborate Phishing scheme.

This is exactly what has happened with the Poloniex apps. Given that Poloniex does not offer users an official mobile app, it left the door wide open to being abused. In this case, the fraudsters created two malicious applications.

One of them was titled the “POLONIEX EXCHANGE” and the other “POLONIEX COMPANY”. The latter was downloaded over 500 times whereas the former was used by close to 5,000 users. Both have been taken down upon notification to Google.

Given that one of the apps was in operation for over 15 days there is no doubt that many users may have lost a large amount of coins through the scam.

How the Scam Works

Poloniex Fake App ScamWhen the user first downloads the app, it asks them for their user credentials in order to log into their Poloniex account. It presents them with a login screen that looks legitimate. Once the user has given their information, the attacker would have access to their account (assuming no 2FA).

Once they have access to their account, they can make trades and request a withdrawal. However, in order to process the withdrawal and make sure that there is no trace of the breach, they need to get access to the email account of the user.

This happens in the next stage where the app asks the user if they could be granted access to their email address. If the user authorises this then the operation is complete and the user is redirected to the actual login on the mobile site to make the app appear functional.

In the back though, the scammers now have access to both your account and your email. They quickly empty all of your coins and clear up the trace. Although there were a number of people who did leave negative reviews and say that it was a scam, perhaps these came too late or some people may have not read them.

Always be Cautious

Given how easy it is to steal cryptocurrency and how hard it can be to trace it, phishing scams like this will only increase. You have to always be on the lookout for anything that looks remotely suspicious.

When downloading apps, take a look at reviews. Make sure that the app that you are downloading is indeed affiliated with the exchange. Be suspicious of any apps that trigger alerts that request access to your private information such as email account.

Yet, the most important security step that you can take especially when dealing with online cryptocurrency exchanges is to enable two factor authentication. Getting access to your email credentials is pretty simple these days and it is all that is really required to nab your coins.

Featured Image via Fotolia

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Latest Posts

FTX vs FTX US Review
FTX vs FTX US: Which one is BEST for You?
FTX vs FTX US Review

FTX vs FTX US: Which one is BEST for You?

June 27, 2022 14 min read
Bancor Review
Bancor Review: Impermanent Loss Protector?
Bancor Review

Bancor Review: Impermanent Loss Protector?

June 22, 2022 15 min read
Bridge Mutual Review
Bridge Mutual: Insurance for your Crypto
Bridge Mutual Review

Bridge Mutual: Insurance for your Crypto

June 22nd, 2022 22 min read
Serum Review
Serum Review: Solana’s One-Stop DeFi Toolbelt
Serum Review

Serum Review: Solana’s One-Stop DeFi Toolbelt

June 16, 2022 17 min read
Raydium Review: Solana’s DeFi Liquidity Mammoth

Raydium Review: Solana’s DeFi Liquidity Mammoth

June 11, 2022 17 min read
crypto com
Crypto.com Exchange Review 2022: A World-Class Crypto Exchange
crypto com

Crypto.com Exchange Review 2022: A World-Class Crypto Exchange

June 14th, 2022 30 min read
OKX invests in WAX
OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX
OKX invests in WAX

OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX

June 3, 2022 2 min read

Related Posts

Binance partners with the weekend
Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour
Binance partners with the weekend

Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour

June 3, 2022 2 min read
21Shares Releases Sixth State of Crypto Report
21Shares Releases Sixth State of Crypto Report: Summary
21Shares Releases Sixth State of Crypto Report

21Shares Releases Sixth State of Crypto Report: Summary

June 2, 2022 3 min read
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

June 2, 2022 2 min read
Regulators are “Not Allowing” Banks to Engage with Crypto
Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto
Regulators are “Not Allowing” Banks to Engage with Crypto

Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto

June 1, 2022 2 min read
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution

US Conference of Mayors Introduces Blockchain Resolution

June 1, 2022 2 min read
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40Increase
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40% Increase
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40Increase

Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40% Increase

May 31, 2022 3 min read
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours

All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours

May 31, 2022 2 min read