Here’s another cautionary tale for blockchain investors. Hackers have purportedly stolen 1,500 EOS ($8,500) from popular YouTubers, the Hodgetwins, after they downloaded a dodgy cryptocurrency wallet from the App Store.
The Hodgetwins insist the hackers made off with their cryptocurrency soon after the YouTubers transferred their EOS tokens to a presumably malicious cryptocurrency wallet called EOSIO Wallet Explorer. The pair say they downloaded the wallet from Apple’s App Store.
The twins, who boast more than 4 million subscribers on YouTube, have since posted a video to sum up the situation.
“I have been [EOS Wallet Explorer] on my iPhone to hold my EOS. I noticed these three transactions […] totaling 1,500 EOS tokens,” wrote the Hodgetwins. “I want to be clear I did not authorize these transactions, not sure how this could have happened. I filed a claim with ECAF claims […] but have not received a response yet.”
Below are the three transactions that the Hodgetwins claim to be illegitimate.
A cryptocurrency wallet built by hackers?
The Hodgetwins explained they only decided to move their EOS after the cryptocurrency community convinced them that storing digital assets on an exchange is not safe.
Unfortunately, the wallet they chose was not as secure as they had hoped. The Hodgetwins claim that hackers illegitimately removed EOS from their EOSIO Wallet Explorer account early last month.
Their 1,500 EOS had spent just one week in the wallet before thieves removed it all in secret.
It’s also worth noting that this isn’t the first time the EOS community has accused EOSIO Wallet Explorer of misappropriating funds.
In fact, over the past month, users have submitted four separate complaints that read eerily similar to what the Hodgetwins have recounted. For context, the app was launched in July.
Hard Fork has reached out to Apple to clarify the screening process for cryptocurrency-related apps.
If it does turn out that EOSIO Wallet Explorer isn’t legitimate – then this is yet another case of blatant negligence resulting in significant financial losses for regular investors.
Quickly, alert the EOS police!
The Hodgetwins filed a complaint with the official arbitration arm of the EOS blockchain, ECAF. They are yet to receive a response.
It’s certainly a worthwhile move, considering EOS block producers have set precedent to allow outside intervention in times like this.
Earlier this year, EOS block producers made executive decisions to put seven EOS accounts on hold in order retrieve stolen cryptocurrency – a highly controversial move that has been criticized heavily.
While $8,500 might pale in comparison to other world-stopping cryptocurrency heists, it is painfully obvious that this particular situation could have been avoided.
It’s not just Apple that struggles with protecting users – Google has also failed at identifying problem apps. The Big G even removed some of the most actively used cryptocurrency wallets from its Play Store without explanation. Google would only re-approve the apps after developers made undisclosed adjustments.
If there is anything to learn from what happened to the Hodgetwins, it’s that cryptocurrency and blockchain apps hosted by Google or Apple can still be complete bullshit. Having either company list an app is not the same as a security audit.
Users should not automatically trust the apps listed on either service, as it ultimately acts as cheap marketing and carries no proof of safety.
Published October 2, 2018 — 15:27 UTC