South Korean exchange Bithumb published a security guide Wednesday urging users to verify app sources after spotting a rise in sophisticated fake trading applications. The exchange runs a monthly Information Security Day, and this July’s campaign focuses on scams that mimic legitimate crypto platforms and even government apps.
According to Bithumb, the latest wave of fake apps goes beyond simple name and logo copying. Some appear to function normally after installation, then add malicious features through later updates. Fraudsters also manipulate app store ratings and reviews to build credibility and bypass marketplace screening, the exchange said.
Bithumb highlighted two common attack patterns. In the first, victims are tricked into installing fake apps that resemble overseas crypto trading platforms. Once installed, the apps ask users to enter wallet recovery seed phrases – giving scammers direct access to their assets. In the second pattern, apps mimicking South Korean public agency tools request excessive permissions, enabling criminals to extract personal data or remotely control the device.
To counter these threats, Bithumb laid out three security rules. First, only install apps through links or QR codes from official websites – never from search results or ads. Second, check that the developer name matches the official company name, and treat overly positive reviews as potential manipulation. Third, watch for unusual permission requests such as access to contacts, texts, or calls. Sharp rises in battery or data usage after installation are also red flags.
If a fake app has already been installed, Bithumb recommended immediately blocking all network connections – Wi-Fi and mobile data – to stop further data leakage. Users should then secure their accounts from a separate device: change the Bithumb password, reset two-factor authentication, delete API keys, and review the withdrawal address whitelist. If suspicious transactions occur, freeze the account through Bithumb’s Investor Protection Center. Infected devices should run antivirus scans or be factory reset.
A Bithumb official warned that fake app scams are becoming sophisticated enough to exploit trust in official app marketplaces. “Carefully checking the official source and developer name before installation is the most reliable way to protect valuable assets,” the official said.
For traders, the takeaway is clear: double-check every download link, especially when a platform claims to be “Bithumb” or another known exchange. The guide reinforces that official app store presence alone no longer guarantees safety.
Bithumb warns of fake trading apps that can steal wallets and personal data
South Korean exchange Bithumb issued a security guide after spotting fake crypto-trading and government apps that can later add malicious features. The apps may trick users into entering wallet recovery phrases or granting access that lets criminals steal personal data and control devices, so Bithumb urged users to install apps only from official sources and check the developer name.