Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
A report released by Sophos stated that the crypto fraud application CryptoRom stole 1.4 million U.S. dollars through the use of "super signature" services and Apple's enterprise developer program. Fraudsters reportedly gain the trust of victims through Facebook and dating platforms (such as Tinder, Grindr, Bumble, etc.), and then lure them into installing the fake cryptocurrency application CryptoRom and investing. Victims install the app, invest, see a profit, and are allowed to withdraw funds; encouraged by this, they are pressured to invest more, but once they deposit a larger amount they can no longer withdraw. To date, Bitcoin addresses related to the scam have received more than 1.39 million U.S. dollars, and there may be further addresses tied to the scam. According to the report, most of the victims are iPhone users. The report stated that CryptoRom bypassed all security checks of the App Store and remained active day after day. The report also stated that Apple "should warn users installing apps through ad hoc distribution or through the enterprise provisioning system that these apps have not been reviewed by Apple." Attack method (per SlowMist): Scam. Reported loss: $1,400,000.
- chain: bitcoin
- protocol: CryptoRom
- bug_class: rug
- date_occurred: 2021-10-15
- loss_usd: $1,400,000
- source_id: sm:cryptorom::2021-10-15