Back

Alert: Fake IDEX App Detected on Google Play Can Steal Your Private Keys

Uploading fake applications for smartphones is a patented tactic by cryptocurrency scammers of all sorts. Now, Ether-based exchange IDEX falls victim to them

article image
Cover image via stock.adobe.com

According to the users who have already been scammed, the app steals Ethereum (ETH) private keys and moves funds. Once the IDEX trader logs in, he/she is immediately blocked and loses access to his/her coins.

Too many red flags

The CryptoVigilante Telegram channelwhich addresses cryptocurrency scams and fraudshas reported a very suspicious Android application available on the Google Play store. It impersonates IDEX, the decentralized Ethereum (ETH)-based crypto exchange, which is one of the veterans of the DEX segment.

Fake IDEX app on Google Play
Image by Google Play

The application imitates the interface of the mobile version of the real IDEX site, as well as the IDEX logo. No information about official applications, either for Android or iOS, is available on IDEX's main website.

Despite the IDEX exchange working since 2017, this application has been downloaded only 100+ times, according to Google Play statistics.

This shady application was uploaded to Google Play only a month and a half ago by a very strange developer. He/she uses an email address on a free domain as his/her main contact. It appears that this is the only Android application publicly uploaded by this dev.

Moreover, the CryptoComes team has disclosed that there is a downloadable APK-version of this app on some unofficial platforms for Android users.

Victims report losing funds

The application has a 3.9 rating, which would be very low for the official app of a top-notch Ether-based exchange. All public reviews available describe the manner it uses to steal users' funds.

According to the latest review by a victim, the application blocks the user after signing in with his/her private and public keypair for his/her Ethereum account. CryptoVigilante added that the Ether address used by scammers is disclosed.

Etherscan.io indicates that the fraudsters managed to drain the wallets of blatant investors of almost $10,000 in the last five days.

Downloading applications from the official site of a platform with a valid certificate and HTTPS encryption is the only secure way to install a mobile app. Always double check the domain name, certificate and encryption. Typically, this information is available on the left side of the address bar of your browser.

The fastest way to get crypto news is to follow our Twitter. You won’t miss a thing! Subscribe.

article writer image
Vladislav Sopov

Blockchain Analyst & Writer with scientific background. 5+ years in IT-analytics, 2+ years in blockchain.

Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)