Which apps are stealing your crypto—and how to stay safe 
Gadgets

Crypto wallet users beware: Delete these malicious apps from your phone now

A new report flags dangerous crypto wallet scams on the Play Store, tricking users into sharing sensitive recovery phrases

Atreyee Poddar

Android users with cryptocurrency apps on their phones have been hit with a red alert. A fresh report by Cyble Research and Intelligence Labs (CRIL) reveals a massive phishing operation involving over 20 dangerous apps on the Google Play Store—many of them impersonating trusted crypto wallets. These apps are harvesting 12-word recovery phrases, effectively handing over the keys to users’ DeFi wallets to cybercriminals.

Which apps are stealing your crypto—and how to stay safe

Crypto adoption may be booming, but so are the risks. What makes this scam particularly insidious is how convincing these apps look. From design to functionality, they mirror legitimate platforms. Apps like SushiSwap, PancakeSwap, Raydium, Hyperliquid, and Suiet Wallet are among the dangerous ones identified yet. Once installed, the app prompts users to enter their recovery phrases, often disguised as a “wallet restore” feature. Behind the scenes, this data is routed to malicious actors who can then drain funds in seconds.

A new report flags dangerous crypto wallet scams on the Play Store, tricking users into sharing sensitive recovery phrases

The attack vector is smartly masked. Cybercriminals are reportedly uploading these phishing apps using developer accounts previously associated with unrelated tools—like gaming and video editing software. What’s more, the apps conceal their phishing URLs within their privacy policies, adding a layer of false legitimacy.

Here are some of the identified fake crypto apps you should delete immediately:

  • Suiet Wallet

  • BullX Crypto

  • SushiSwap

  • Raydium

  • Hyperliquid

  • OpenOcean Exchange

  • Pancake Swap

  • Meteora Exchange

  • Harvest Finance Blog

How to stay protected from crypto wallet scams:

  • Never input your 12-word recovery phrase into any app you haven’t verified.

  • Download only from trusted sources, and always double-check the developer name.

  • Read reviews carefully, especially for crypto-related apps with fewer downloads.

  • Enable two-factor authentication where available.

As the digital currency space evolves, so does the sophistication of scams. Users must remain vigilant, not just about where they store their assets, but how they access them. The golden rule? If an app asks for your recovery phrase, it’s a red flag—shut it down before it shuts you out.

How to make the viral lazy dumpling recipe at home?

Rishab Rikhiram Sharma takes the stage at Ramayana's grand trailer launch in New Delhi

72nd National Film Awards: Complete winners list as Article 370 wins Best Film, Mammootty and Kartik Aaryan share Best Actor

Toscano’s Monsoon Menu serves up cosy Italian comfort in Hyderabad

Shipra Bhattacharya’s In Bloom exhibition celebrates feminine energy, emotion & resilience