It's that part of the cycle where it's important to remind you freaks of the wallet software you download. As Michael Goldstein said many years ago, Everyone's a Scammer looking to get your bitcoin. Scammers come in all shapes and sizes. Some will promise you that they can produce yield if you give them your bitcoin and allow them to allocate it to traders who will go outperform the market. Others will try to convince you that you should convert your bitcoin to their preferred shitcoin because it is destined to appreciate in BTC terms. There's even a class that will shamelessly tell you to keep your bitcoin on centralized exchanges, which have a history of going bust.
This class of scammer is a bit more sophisticated. There is a lot of effort that goes into selling a dream that gains are to be had or preserved if you take their advice. This type of scammer typically wears a suit, a sheek silicon valley startup outfit, or a wizard costume. This type of scammer preys on individuals who should otherwise know better, but are easily suceptible to flashy confident talking.
On the other side of the spectrum is a class of scammer that preys on people simply looking to properly secure their bitcoin. The unsuspecting innocent victim who thinks they're doing the right thing by downloading wallet software to secure their bitcoin properly. There are no front men to these scams outside of sleek websites and "Download" buttons. Something like the scam wallet above attempting to get users of the Trezor wallet to download a mobile app they assume is connected with the company and insert their seed phrase so their funds can be swept to a wallet controlled by the scammer.
This is something everyone should be hyper aware of when downloading any wallet software. There are scammers across the internet attempting to convince you that you are downloading secure and trustworthy software when you are actually downloading malware. To avoid this you should incorporate few best practices when downloading and using wallet software:
- Identify the company or project's official GitHub page and download the software directly from there. Ideally verifying the PGP key associated with the project.
- If you are not technically capable of doing that or are not comfortable with GitHub, the very least you can do is download the software from the official website associated with the company or project whose software you are using. Err on the side of caution and type the URL in manually.
- When buying a hardware device, always buy directly from the manufacturer's website. Resellers, even if verified by the manufacturer, are a no-go for your Uncle Marty.
- NEVER put your seed phrase into an app if they prompt you to do so out of the blue. The only time you should need to enter a seed phrase when using a wallet is when you are consciously recovering a wallet using a seed phrase, which typically requires a multi-step UX flow. And this should always be done on a dedicated hardware wallet if possible. If you recover from seed via a mobile or desktop wallet that forces you to type whole words out, you should immediately sweep the funds to another wallet upon recovery.
- Do not click links sent via email from "wallet providers".
- Don't be afraid to ask a friend or DM someone you deem to be an "expert" in the space (my DMs are open) if you feel uneasy about a particular software. A reference check can't hurt.
I don't think it's clear whether or not the fake Trezor suite app has successfully conned anyone into coughing up their seed phrase, but the liklihood is that there has been some victims that have fallen prey to this scam.
Securing bitcoin is a very serious matter that should not be taken lightly. Take your time. Do your research. Cross reference the official sites of these providers using social media and GitHub. Ask a friend or someone on Twitter if you are not sure. Most importantly, be aware that this type of scamming exists.
I can hear the ocean calling me.