RC RANDOM CHAOS

26 Fake Crypto Wallet Apps Slipped Past Apple's App Store Review

Original source: "26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases", via The Hacker News

Researchers have flagged 26 fraudulent cryptocurrency wallet applications that cleared Apple’s notoriously strict App Store review process. The apps impersonate legitimate wallet brands and are built to harvest seed phrases — the master keys that grant full control over a victim’s crypto holdings. Once a user enters their recovery phrase into the counterfeit interface, attackers can drain associated wallets at will.

The incident punctures the assumption that iOS curation reliably blocks financial malware. Seed-phrase theft requires no exploit chain, no privilege escalation, and no persistence — just a convincing UI and a working submission pipeline. Apple’s review gates are tuned for technical policy violations, not brand impersonation and social-engineering payloads, which is why fake wallets keep landing on the store.

For users, the takeaway is that app-store provenance alone is not a trust anchor for custody-class software. Hardware wallets, verified publisher identities, and direct downloads from wallet vendors’ own domains remain the only defensible path. For platform operators, the recurrence suggests review tooling needs brand-impersonation and wallet-behavior heuristics, not just static policy checks.

This is an AI-generated summary. Read the original for the full story.