Bitcoin Is Nearly Unhackable. Your Wallet Isn't (Even If You Got It Straight From the Apple App Store).

G. Love has had better weeks.

The Philadelphia musician (real name Garrett Dutton, frontman of the blues-rock band G. Love & Special Sauce) recently set up a new laptop and needed to install the app for his Ledger hardware wallet. He went to the Apple App Store, found what looked like the right app, and downloaded it. Routine stuff, especially if you’re a longtime crypto owner like G. Love.

But it wasn’t the right app. The one he downloaded and installed from the official App Store was a scam designed to drain crypto wallets. G. Love had $420,000 of Bitcoin in his crypto wallet. After installing that app, he had nothing.

His entire retirement fund vanished almost instantly.

“It was my own [darn] fault for not being more diligent,” Dutton wrote on X. “But let it serve as a warning. There’s so many scams.”

The risks are real, but maybe not what you think

He’s not wrong. Fake crypto apps have plagued app stores for years. Apple’s vetting process is stricter than most, but it’s still not perfect. The company removes fraudulent apps when reported, but often not before significant damage is done.

There’s a classic XKCD comic (number 538, for the curious) that makes this point better than I can. It shows a crypto believer explaining how his private keys are protected by military-grade encryption that would take computers trillions of years to crack. In the next panel, a crook hits him with a $5 wrench until he gives up the password.

The joke is that cryptographic security is only as strong as its weakest link, and the weakest link is almost always human.

Bitcoin’s underlying technology is remarkably secure. The blockchain itself has never been successfully hacked. Transactions are verified by a decentralized network, and the cryptography protecting the ledger would take current computers millions of years to crack.

Investors worry that quantum computers will undermine encryption security in a few years, and developers are working on ways to make Bitcoin quantum-secure. For the next few years, however, it’s safe to assume that no one will hack the Bitcoin ledger (or most of the serious cryptocurrencies on the market today).

But your wallet app, exchange account, and ability to distinguish a real app from a fake one in a trusted app store? Those are all very hackable, meaning they can be compromised by fraud, phishing, or a convincing fake.

G. Love didn’t get beaten with a wrench. He just downloaded an app from a place where he reasonably expected the crypto apps to be legitimate. That was enough.

How to stay safe

The bad news: There’s no foolproof defense. Scammers are creative, app stores aren’t perfect, and even experienced crypto users get caught.

Unfortunately, I speak from experience. I lost most of my longtime crypto holdings in the summer of 2023. I expected an important phone call, so I answered a ring from an unknown number and missed several signs of something fishy. The scammer claimed to work for Coinbase, needing some help securing my account against an attempted hack.

That was a different attack than G. Love’s bad day, and there are many others. The rock star had owned his Bitcoin since 2017, and maybe he got a bit too comfortable with routine account maintenance tasks – like installing the wallet app on a new computer.

The better news: You can make yourself a harder target. Here’s how.

  • Go to the source. Don’t search the Apple or Android store for wallet apps; go directly to the manufacturer’s website and download from there. Bookmark it to make sure you’re going to the true source next time.
  • Scrutinize everything. Check the developer name, publish date, and reviews. Scam apps often have telltale signs if you’re looking for them.
  • Diversify for the win. Keeping your entire retirement fund in one wallet is like keeping your life savings in one pocket. Multiple wallets mean a single breach can’t wipe you out. And crypto should only be a small portion of your nest egg in the first place.
  • Layer your defenses. This includes passphrases, two-factor authentication, or whatever your wallet supports. Use all of it. Sure, it gets a little harder to log in for legitimate purposes, but every hurdle makes your investment safer.
  • Stay paranoid. I don’t mean that in a fun way. You should assume that “this app store might be lying to me,” even if you’ve been there a thousand times before. As grunge rocker Kurt Cobain said in 1991: “Just because you’re paranoid/don’t mean they’re not after you.”

The fundamental issue with crypto is that there’s no undo button, customer service line, or FDIC insurance. If someone drains your wallet, that’s it. Prevention isn’t just the best defense. It’s the only one.

G. Love just learned that lesson the hard way, as I did in 2023. Don’t make your own costly mistakes, dear reader. Learn from these examples instead.
