When iPhone user Phillipe Christodoulou downloaded the Trezor app from the App Store in February, he thought he was getting a way to check his bitcoin balance by plugging his Trezor device into his iPhone’s Lightning port via a micro USB-to-Lightning adapter. Instead, the Washington Post reports, he lost his entire savings in an instant—17.1 bitcoin worth $600,000.
Trezor is not a fly-by-night bitcoin company. It was one of the first companies to offer a personal hardware wallet and has been endorsed by Twitter’s Jack Dorsey. But Trezor doesn’t make an iPhone app and its U2F hardware token doesn’t work with the iPhone. Trezor’s website does state that, “Use of your Trezor device on iOS is currently not (yet) supported,” but unless you’re diving into the tech specs you could miss it.
The device Christodoulou used stores a personal 12- to 24-word recovery seed and has a display “to fully inform you about the authentication request before you approve it.” The app he used seemingly took that information to siphon bitcoin from his account.
But Christodoulou doesn’t blame Trezor for the theft. He blames Apple for approving the app in the first place. Apple told the Washington Post, “In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future,” and a search in the App Store for a Trezor app doesn’t bring up any specific results. Apple declined to tell the Washington Post whether it has contacted the authorities about the app… Macworld