Hello.
This is Bithumb, your safe financial partner.
This month, we want to talk about fake trading app scams that prey on a moment of carelessness, where users think, "It's in the official app store, so it must be safe to install."
😨 This actually happened
Case 1. A fake app impersonating the official app of a famous overseas virtual asset hardware wallet brand
A fake app, almost identical in name and icon to the official management app of a famous overseas virtual asset hardware wallet brand, was registered on the Apple App Store.
Item: Platform
Content: Apple App Store (Official Market)
Item: Method
Content: Registered with a name similar to the official app, then prompted for seed phrase (24 words) upon app installation → Immediate wallet theft
Item: Damage Scale
Content: Approximately $768,000 (approx. 1 billion KRW)
1. The victim searched for the app on the App Store.
2. The search results displayed a fake app that was almost indistinguishable from the legitimate one.
3. Upon installing the app, a prompt appeared asking to "Enter the seed phrase to recover your wallet."
4. The moment the seed phrase (24 recovery words) was entered, the attacker stole the victim's entire virtual asset wallet.
What is a Seed Phrase?
It is the master key to a virtual asset hardware wallet. Anyone who knows these 24 words can access all assets in the wallet.
Case 2. Malicious app impersonating a public institution app
There was also a case where an overseas criminal organization created and distributed a malicious app that looked identical to an official app of a domestic public institution.
Item: Method
Content: Approached victims disguised as financial/investigative agency staff → Induced installation of malicious app via fake app store link
Item: Damage Scope
Content: Theft of personal information such as call/text history, contacts, remote control of phone calls and camera
Item: Feature
Content: A second malicious app was disguised as a normal system file, making it difficult to delete
1. Perpetrators disguised as investigative or financial institution staff induce victims to "install an app to prevent criminal damage."
2. When the victim accesses the link received via text, a fake app store page appears, and a malicious app is installed.
3. The app requests all permissions, and upon acceptance, a second malicious app is secretly installed, taking over the entire device.
Key: Investigative or financial institutions do not request app installation via text or phone calls.
If you receive such a request, immediately hang up and verify directly with the institution's official number.
😟 Fake Apps, Why Did They Pass App Store Review?
Despite official app stores having review procedures, attackers bypass them through various methods.
Bypass Method: Gradual Feature Addition
Description: Initially functions normally, then malicious features are inserted after an update
Bypass Method: Similar Name Registration
Description: Uses names that differ by only 1-2 characters from the official app (e.g., Bithumb → Bithumbb)
Bypass Method: Icon/Design Replication
Description: Mimics the design of the legitimate app exactly
Bypass Method: Review Manipulation
Description: Fakes positive reviews to disguise credibility
😮 Fake Trading Apps, There are also these methods
Fake apps are distributed through various channels other than app stores.
Type: Search Engine Ads
Method: Fake sites appear as ads when searching for "Bithumb app download" on portals
Type: SNS/Messenger Links
Method: Direct transmission of APK files via KakaoTalk, Telegram, etc.
Type: Investment Leading Rooms
Method: Inducing installation of unknown apps by claiming high returns
Type: Phishing Texts
Method: Sending fake app download links via text, e.g., "Security update required"
💸 If you fall for a fake app, you can suffer these damages
Fake apps impersonating official apps can deceive users with screens very similar to the official app.
Furthermore, to gain user trust, they may even allow small withdrawals. However, they can later demand additional deposits for reasons like taxes or fees, or steal login credentials and personal information to seize assets and even take over the device.
Damage Type: Virtual Asset/Asset Theft
Content: The moment you enter login information into a fake trading app, assets in the account are immediately withdrawn to an external address.
Damage Type: Personal Information Leak
Content: Name, date of birth, contact information, financial information, etc., are stolen and exploited for secondary scams.
Damage Type: Complete Device Takeover
Content: Upon installation of a malicious app, call/text eavesdropping, remote operation of camera/microphone, and theft of information from other apps occur.
✅ 3 Principles to Prevent Fake App Damage
Don't overthink it. Just check these 3 things before installing an app.
CHECK 1. Install only through official channels
The Bithumb app must be installed via the link or QR code provided on the Bithumb official website (bithumb.com).
Do not use search results or advertisement links. Fake apps are created to look almost identical to official apps, including icons and screen designs!
CHECK 2. Before installing an app, check if the developer is an official company and if the reviews and ratings are trustworthy.
Before installing, verify that the developer name exactly matches the official company name.
Even if reviews and ratings look good, they are often manipulated. If reviews are excessively similar or filled with short, simple praises, be suspicious.
CHECK 3. Be wary of excessive permission requests and abnormal smartphone status when using an app.
Immediately delete apps that request permissions unrelated to transactions, such as contacts, messages, or call history.
If your battery drains quickly, data usage spikes, or unknown apps appear after installing an app, suspect malicious app infection.
What if you've already run it?
Don't panic, and take action according to the steps below.
(1) Immediate Actions
① Immediately Block Network Connection
* Disconnect Wi-Fi and wired LAN to block external communication.
* This is the top priority measure to prevent further data leakage and remote control by malware.
② Bithumb Account Protection Measures
* Perform the following actions using another device (e.g., a separate smartphone) that is not suspected of being infected.
* Immediately change your Bithumb password.
* Reset and reconfigure 2-Factor Authentication (2FA).
* Delete all API keys (if previously issued).
* Check withdrawal address whitelist and delete unregistered addresses.
* Check recent login history and withdrawal details → Report immediately to Bithumb Customer Service if unusual transactions are found.
③ Protect Other Major Accounts (outside Bithumb)
* Change passwords for all services (email, financial, SNS, etc.) that have been logged into from the infected device.
* If other services use the same password, change those accounts as well.
(2) Infected Device Actions
① Thorough Scan with Antivirus Program
* Perform a full, detailed scan with the latest version of an antivirus program.
② If Malware Removal is Difficult
* If antivirus treatment is impossible or re-infection recurs, OS initialization (format and reinstall) is recommended.
* Before initialization, back up important data to offline storage (external hard drive, USB, etc.), and perform a separate scan on the backup files.
③ Apply Latest OS and Software Updates
* After OS initialization or successful treatment, update the operating system and all software to the latest versions.
* This measure prevents the re-exploitation of vulnerabilities that led to the infection.
(3) Reporting and Support Request
Caution: Do not log into any financial service, including Bithumb, from a device suspected of infection. Please ensure account protection measures are carried out using a separate, verified safe device.
Situation: Unusual transactions on Bithumb account found
Report/Inquiry Contact: Bithumb Investor Protection Center
Contact Number: 1661-5566
Situation: Report hacking / malware damage
Report/Inquiry Contact: KISA 118 Counseling Center
Contact Number: 118
Situation: Consultation and reporting for voice phishing, smishing, cyber fraud
Report/Inquiry Contact: 182 Police Civil Service Call Center
112 Reporting Center
Contact Number: 182
112
Situation: Report financial fraud, disputes and crimes
Report/Inquiry Contact: Financial Supervisory Service
Contact Number: 1332
How to Use Bithumb Security Features to Protect Your Account
(1) Activate 2-Channel Authentication
2-Factor Authentication is a security feature that performs an additional authentication step after logging in with your ID and password, in addition to SMS authentication.
Even if your password is leaked, account theft can be effectively prevented as no one can log in without the additional authentication step.
* 2-channel authentication registration can be set after logging in with ID and password.
* How to set up:
* PC: Click name at the top > Settings > Security Center > 2-Channel Authentication Registration
* Mobile: Bottom menu > More > Customer Service > Security Center > 2-Channel Authentication Registration
[Case of Misuse]
There has been a reported case where an attacker deceived a mobile carrier to transfer the victim's phone number to the attacker's SIM card, then intercepted the authentication code sent via SMS to access the virtual asset account, resulting in the theft of $38,000.
(2) Utilize Overseas IP Access Blocking Feature
The overseas IP access blocking feature is a security function that allows you to receive notifications when a login attempt is made from abroad.
This enables quick recognition of abnormal login attempts from overseas and further protects your account.
* Can be set after logging in with ID and password.
* How to set up:
* PC: Click name at the top > Settings > Security Center (Customer Support) > Block Overseas IP
* Mobile: Bottom menu > More > Customer Service > Security Center > Block Overseas IP
(3) AhnLab Safe Transaction Security Program
Bithumb provides the AhnLab Safe Transaction security program for a safe trading environment.
* This program is OFF by default and is installed and run when the user manually changes it to ON.
* Key protection features:
* Keyboard Input Protection: Protects passwords and personal information when entered, from malicious programs like keyloggers.
* Phishing/Pharming Blocking: Warns and blocks access to manipulated websites.
* Memory Hacking Prevention: Detects and blocks unauthorized access to browser memory areas.
(4) User Recommendations
* When accessing Bithumb, please use the official URL and app, and refrain from accessing via search engine advertisement links.
* Please avoid accessing Bithumb via links in emails or texts from unverified sources.
* If you receive a notification regarding a security setting change, please immediately verify whether you made the change yourself.
Attackers target a moment of your carelessness.
Before installing, verify the developer and the source — even if it's inconvenient, these two steps protect your assets.
Thank you