Scammers tricked dating app users into investing $1.4M in fake crypto apps

Despite tough App Store moderation, scam apps can still make their way onto iOS. But it requires a lot of social engineering work.

It’s said that love makes people do illogical things. Apparently, those things include investing money into shady cryptocurrency apps that then steal your money, as that’s what scammers reportedly were able to do to victims on dating apps including Tinder and Bumble.

Cybersecurity firm Sophos released a report recently documenting “CryptoRom,” a scam that led to $1.4 million being stolen from victims across the United States and Europe. Cryptocurrency-related scams are on the rise as more people invest in the likes of bitcoin and ethereum, and the nature of the digital currencies makes it hard to regain lost funds.

Social engineering — The con here is pretty simple: the attackers post convincing profiles on legitimate dating sites. Once they’ve matched with a target and begun chatting, they suggest the conversation moves onto a different messaging app. From there they persuade a target to install and invest in a fake cryptocurrency app.

There are already plenty of red flags there, but because the apps are masquerading as legitimate cryptocurrency services like Binance, they can only be downloaded through a website, where an iOS user needs to allow an “Enterprise Signature” to be installed on their phone. These signatures allow businesses to install pre-release iOS apps on phones for testing.

The Sophos report says that once a victim downloaded one of these apps and began investing in cryptocurrencies, the app would quickly suggest they’ve made big returns. But when they tried to request a release of their money, they’d be locked out.

These attackers must be pretty slick talkers if they’re able to trick strangers into going this far. Maybe they could have a real business in teaching people how to strike up a conversation on a dating app?

Be careful — The story highlights how even on iOS, which is supposed to be “safe” from malware and other shady applications, scams can still find a way to slip through. You should always be careful installing apps that haven’t been reviewed by Apple and approved for the App Store. Also, you know, anyone you meet on a dating app who tries to get you investing in crypto should be an immediate unmatch. Not just because it’s shady, but also because someone like that would likely be unbearable if you ever met them in person.