A knock-off version of one of the most popular management tools for cryptocurrencies such as Ether (ETH) has made it to the top of the sales charts on Apple’s App Store, raising questions about Apple’s security processes.
The incident is all the more troubling in that it comes amidst an increase in public interest in cryptocurrencies, following sharp rises in the value of Bitcoin and the launch of trading in futures for the currency on the Chicago Board Options Exchange (CBOE) on Sunday.
The software in question is labelled MyEtherWallet, the same as the popular cryptocurrency management service MyEtherWallet.com.
MyEtherWallet.com runs primarily as a mobile-friendly web service, but doesn’t provide a mobile app. Moreover, it is licensed under the open source MIT licence and is offered for free – unlike the app in Apple’s App Store, which sells for £4.99.
“This is not us,” said MyEtherWallet.com’s developers in a tweet on Saturday night.
The organisers said they had reported the app in question to Apple, but it remained on the App Store as of Monday morning.
MyEtherWallet.com was responding to an earlier tweet by Christian Lundkvist, a cryptocurrency researcher. At the time the MyEtherWallet app was the third most popular app in the App Store’s Finance section, according to Lundkvist. The matter was the subject of an earlier report by TechCrunch.
“I would approach with caution!” Lundkvist wrote.
The app’s developer, listed as Nam Le, has published three other apps on the App Store – two games and a counting app for the Apple Watch. The MyEtherWallet app was initially published on 6 December.
The app doesn’t use the same logo as MyEtherWallet.com, but it’s unlikely any wallet developer would be unaware of existence of the popular web-based service.
While the app may not necessarily be malicious, its use of the name of a popular, pre-existing tool could at best cause confusion for users, and is a particular concern in that the software handles users’ funds.
Apple didn’t immediately respond to a request for comment.
Cryptocurrencies have become the focus of intense interest in recent days due to the soaring value of Bitcoin, which jumped again over the weekend at the start of trading on the CBOE, its first major global exchange.
The wave of publicity helped cryptocurrency wallet app Coinbase climb to the top of Apple’s chart of free iOS downloads in the US last week, up from No. 400 in early November.
Bitcoin traded at below $1,000 at the beginning of this year, but rose past $18,000 last week, prompting a number of experts to warn of a bubble having formed around the currency.
The currencies’ decentralised, unregulated nature make them particularly vulnerable to theft through techniques such as phishing and social engineering, as well as the exploitation of software flaws.
NiceHash, the largest Bitcoin mining marketplace, said earlier this month it had been hacked, with more than 4,700 Bitcoin (currently £60m) stolen, and in June attackers took advantage of a software flaw to make off with Ether currency worth more than $50m (£37m) at the time.
Do you know all about security in 2017? Try our quiz!