The Apple App Store has been infiltrated by a counterfeit application impersonating the decentralized finance (DeFi) protocol Curve, as reported on February 14 by the developer, who issued a warning to users. The cautionary message emphasized the absence of an official DeFi Curve app and urged vigilance against potential scams, stating, "Beware of scams," while affirming the discovery of a fake product bearing the Curve logo. The admonition underscores the importance of users staying safe amidst such fraudulent schemes.
The fraudulent Curve application attributes its creation to MK Technology Co. Ltd, a dubious entity listed as its developer. Hosted on an official website using Google Sites, the app provides a Proton email contact address and identifies itself as "Curve Finance." Notably, there are no other apps attributed to MK Technology available on the App Store. Despite its unauthorized nature, the fake app has garnered a rating of 4.6 out of 5 stars based on nine reviews, potentially misleading users.
The deceptive app purports to offer robust functionalities for managing borrowers and their loans, presenting itself as a "powerful app" within its promotional material. Additionally, it entices users with the prospect of entertainment through puzzle games available in the app's gaming section, featuring classic and random game modes. However, the true intentions behind the app's design remain unclear, raising suspicions about potential exploitation of in-app features to compromise users' wallet assets.
The proliferation of fake cryptocurrency applications has persisted as a persistent issue over time. Notably, on June 21, 2023, Apple took action to remove a malicious Trezor wallet app from its App Store. This rogue application, upon launch, prompts users to input their wallet mnemonic phrase, thereby granting hackers access to drain users' cryptocurrency holdings. Similarly, Microsoft encountered a similar issue on November 5, 2023, when it removed a counterfeit Ledger app for the third time within two years. Prior to its removal, the fake app managed to siphon $588,000 across 38 transactions, underscoring the urgency of addressing such threats promptly.
