.png){kind=logo}
At least 10 fake wallet apps on Google Play are phishing for users’ recovery phrases.
Apps mimic trusted DeFi platforms like PancakeSwap, Raydium, and SushiSwap.
Users should delete suspicious apps, reset wallets, and enable 2FA to stay safe.
As cryptocurrencies continue to gain traction, so do the threats targeting crypto users. A new wave of malicious apps has been discovered on the Google Play Store, specifically targeting users of popular DeFi wallets. These seemingly legitimate apps are cleverly designed to mimic trusted platforms, but behind the scenes, they’re stealing sensitive information, most dangerously, your wallet’s 12-word recovery phrase.
If you use mobile wallets to manage your crypto, now is the time to double-check your device and ensure you're not unknowingly handing over access to your digital assets.
Cybersecurity experts from Cyble Research and Intelligence Labs (CRIL) have identified at least 10 malicious apps on the Google Play Store that impersonate legitimate cryptocurrency wallets and decentralized finance (DeFi) platforms. These apps are not just fake; they're designed to phish for your recovery phrase, which serves as the master key to your cryptocurrency wallet.
Once a user enters their seed phrase into one of these fraudulent apps, hackers can immediately access and drain the contents of the wallet. These scams are particularly dangerous because the apps:
Imitate the visual design of legitimate wallet apps
Use old, repurposed developer accounts previously tied to trusted apps
Bury phishing URLs inside their privacy policies
Request sensitive login credentials right after installation
If you have any of the following apps on your phone, delete them now:
Pancake Swap
Suiet Wallet
Hyperliquid
Raydium
BullX Crypto
OpenOcean Exchange
Meteora Exchange
SushiSwap
Harvest Finance Blog
DeFi Token Wallet (often listed under generic names)
These apps are available on official platforms, such as the Google Play Store, which lends them credibility. However, their core intent is to trick users into sharing critical wallet recovery data.
Also Read: How Google is Blocking Malicious Apps on the Play Store?
Malicious apps often bypass app store checks by exploiting inactive developer accounts, especially those formerly associated with harmless apps like photo editors or casual games. Once live on the store, these crypto apps:
Prompt users to “recover” their wallet by entering a 12-word seed phrase
Show a polished interface, similar to real DeFi apps
Hide phishing functionality behind a clean user interface
Redirect users to malicious websites via links buried in “privacy policy” sections
If you’ve installed any of the apps listed above, take the following steps immediately:
Go to Settings > Apps
Find the app and Uninstall
If the uninstall is blocked:
Navigate to Settings > Security > Device admin apps
Disable its admin access, then return to uninstall
Do NOT reuse the compromised recovery phrase
Use your wallet provider’s official app or website to create a new wallet
Transfer funds to the new wallet immediately
Most wallets support 2FA or additional security layers, enabling these features to reduce the risk of future hacks
Regularly review your wallet’s transaction history for any unauthorized activity
Set up real-time alerts if supported
Never enter your 12-word recovery phrase into any app unless it is the official, verified version from the wallet provider
Bookmark trusted sources (like MetaMask, Trust Wallet, Coinbase) to avoid phishing sites and fake apps
Use official websites to download apps instead of relying on in-app store search results
Read app reviews carefully, especially 1-star ratings that might warn of phishing activity
The rise of fake crypto wallet apps is a sobering reminder of how rapidly and perilously the cryptocurrency space can evolve. Even if you're downloading apps from Google Play or Apple’s App Store, there’s no guarantee of safety unless you verify the source.
With threats evolving and tactics becoming more deceptive, protecting your seed phrase is non-negotiable. Stay vigilant, use only verified apps, and never share your recovery phrase, as once it’s gone, so is your crypto.
