Crypto Wallet Users Lose Funds in Snap Store Hijacks
DM
NewsroomHow are Linux Snap Store users being targeted by crypto wallet scams?
What makes the fake wallet apps on Snap Store so dangerous?
How can users protect themselves from these Snap Store crypto scams?
- Hackers target Snap Store accounts using expired domain attacks.
- Malware disguised as wallets drains user funds through seed phrases.
On January 21, 2026, attackers leveraged expired domains to hijack developer accounts on Canonical's Snap Store, leading to widespread cryptocurrency theft via malware-disguised wallet applications. This breach highlights the significant financial and trust-related consequences for affected users.
The attackers employed a domain resurrection attack, a technique where expired domains linked to legitimate developer accounts are purchased and used to reset account passwords on the Snap Store. This allowed full access to these accounts, enabling the attackers to push malware-laced updates under the guise of trusted applications.
The compromised apps mimic popular cryptocurrency wallets, including Exodus, Ledger Live, and Trust Wallet, tricking users into entering their wallet recovery phrases. These sensitive details are sent directly to the attackers, resulting in substantial losses of cryptocurrency holdings. In particular, two domains—storewise.tech and vagueentertainment.com—have been confirmed as part of the exploit.
This issue isn’t isolated to the Snap Store. Similar attacks using domain resurrection have been observed across other platforms such as GitHub, PyPI, and npm, exposing a broader vulnerability. These incidents emphasize the risks of relying on outdated recovery mechanisms or inactive accounts.
To mitigate such risks, platforms need stricter security measures. For example, in June 2025, the Python security team proactively removed over 1,800 expired email accounts on PyPI to prevent account exploits. Experts recommend similar actions for the Snap Store, including monitoring domain expiry states, implementing tighter verification for dormant accounts, and mandating two-factor authentication for all users.
This situation underscores the urgent need for robust security frameworks to protect users against sophisticated attacks targeting cryptocurrency wallets and developer platforms.
Get real-time crypto breaking news on Unblock Media Telegram! (Click)
