Fraudsters Post Fake Poloniex Cryptocurrency Trading Apps to Google Store

Security researchers have discovered several fraudulent apps on the Google Play store purportedly tied to the Poloniex cryptocurrency exchange.

AccessTimeIconOct 25, 2017 at 9:00 a.m. UTC
Updated Sep 13, 2021 at 7:04 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Security researchers have discovered at least three fraudulent apps on the Google Play store purportedly tied to the Poloniex cryptocurrency exchange.

An article posted on IT security firm ESET’s news site We Live Security details how two of the apps, respectively called "Poloniex" and "Poloniex Exchange," were put onto the Android app service and downloaded more than 5,500 times before being removed. Reportedly, Poloniex does not have an official Android app.

The news (as well as the existence of the apps) highlights the cybersecurity pitfalls of cryptocurrency, as the high-dollar value of some digital assets has drawn the attention of would-be fraudsters. In this case, the apps asked Poloniex users to enter their account credentials, granting the fraudsters access to the victim's emails – thus giving them the ability to alter passwords and delete any evidence of outbound transactions.

ESET wrote in the article:

"This means the attackers can carry out transactions on the user's behalf, change their settings, or even lock them out of their account by changing their password."

The researchers could not say how many people may have been adversely affected by the fake apps. The article notes that Poloniex allows users to enable 2-factor authentication (2FA) to protect their accounts from this type of attack. If a user has 2FA enabled, the attackers would not be able to log into an account even with the appropriate credentials.

The first app, Poloniex, was on Google Play for about three weeks and saw 5,000 downloads before being taken down on Sept. 19, 2017. The second was in the store for a few days and was downloaded 500 times until it, too, was removed.

As of press time, a third app – "Poloniex - Bitcoin/Digital Asset Exchange" is still available on the Play store, with at least 1,000 downloads to date.

Theft image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.