Discussion
Web3 is Going Just Great
LunaSea: I thought that Apple was reviewing each and every app which was the reason that justified them getting a silly 30% margin from all app revenues?
2OEH8eoCRo0: I think people are less safe overall because they believe the walled garden is safe and they let their guard down.
rafaelmn: hOw WOulD mY graNDparNtS AvOiD getTiNG sCAmmED iF APPLE did nOT locK dOWn evEryThinG ?
tadfisher: Source article: https://www.coindesk.com/business/2026/04/14/a-fake-ledger-a...
Choice quote:
> Blockchain investigator ZachXBT later traced the stolen 5.92 BTC [0], showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.
Ah, there's nothing else quite like a Seychelles-based cryptocurrency exchange which was booted from the US for facilitating money laundering. This is good for Bitcoin.
[0]: https://t.me/investigations/313#
2OEH8eoCRo0: Apple should be liable for this. If Walmart sells a dangerous product, even unknowingly, they can be liable. Why are digital stores different?
pwillia7: Walmart wasn't created late enough in the 2nd gilded age to effectively lobby the government against having any rules
scotty79: Apple should be on the hook for that. If you moderate, you are responsible for damage.
throw1234567891: Thankfully bitcoin is losing value, all those users lost less money as an effect!
throw1234567891: ThEY sHoUlD Pay AttENtIoN tO WhAt tHey aR3 d01n6!
throw1234567891: Contact your representative?
Ekaros: I thought that Apple ecosystem had no bad apps as it prevented sideloading. I have heard that as reasoning to prevent it multiple times here on HN.
tencentshill: They only needed it to exist on the app store for a week before stealing millions with zero recourse. These wealthy crypto people need to stop being cheap and hire financial advisors. The only reason for not doing so is if it was gained illegally in the first place.
wmf: A lot of people got into crypto because they want to manage their own money. They aren't going to use crypto financial advisors.
SrslyJosh:
> A lot of people got into crypto because they want to manage their own money
uncontrollable laughter
SrslyJosh: Not "investing" in cryptocurrency would be a good start. =)
post_break: Thankfully the App Store doesn't allow side loading, because it completely stops fraud like this. At least that's the number one reason why I keep getting told if we allow side loading this will happen.
throw1234567891: If they did, we’d be reading about such cases daily.
idle_zealot: Eh, kinda a weak argument. Too easy to counter with "but sideloading would let that happen more!" That might even be right, and a difference in amount is important. There will never be a totally secure system, after all. I think the actual problem is with how the App Store changes the way people think about and relate to software. The fact is, running code on your computer is dangerous. You are trusting it with control over its operations. The responsible thing to do is provide platform-level safeguards (permissions systems, sandboxing) and engender a general understanding that you should only run an app vetted by someone you would hand your phone to. This is fundamentally incompatible with software as a market, of course, so this path will never be taken.
hnburnsy: Here is the archived App store page... https://archive.ph/4RVLf
basilikum:
> people entered their seed phrases into the app, then discovered their wallets were immediately drained.
Why did they cash out immediately? Wouldn't it be much smarter to send the seed phrase to a server and stay undetected for longer just collecting seed phrases until you sweep them all at once?
alasano: Maybe they had a check to determine total value of all collected seeds and then triggered auto sweeps from a certain threshold to guarantee a minimum. Not sure what the game theory optimal way of stealing is!
basilikum: That would make sense. But perhaps they just made a transaction directly from the app to a hardcoded address. Not making any additional network requests might decrease the chance of being flagged by automated systems in the App Store review process. Then again you could just disguise these requests as ordinary blockchain connections. I'm probably overthinking this and it was just a quick and dumb money grab.