Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.
It was four months before San Francisco-based Phantom Technologies has actually released an Android version of its digital wallet. The free Phantom Wallet app that Pearlman downloaded at first from Google Play was a fake. And when he connected his real Phantom wallet to the app, it cost him a small fortune.
“Less than 24 hours after downloading the fake ‘Phantom Wallet’ app from Google Play, Pearlman’s real Phantom wallet was emptied of over $800,000 worth of virtual currencies, including SAMO, USDC, ORCA and SOL, as well as four additional NFTs,” his lawyers say in a lawsuit that seeks to recover stolen funds from Google rather than the bogus app operator.
The complaint [PDF]filed in a higher court in Santa Clara County, seeks to hold Google liable for breaching its own warranty regarding its security practices and terms of service.
However, the court record also indicates that Phantom October 11, 2021 issued a public warning that Google’s store offered low-quality products. Back then, the real Phantom offered its crypto wallet as a browser extension for Chrome, Brave, Firefox, and Edge. Today, it provides iOS and Android versions along with browser add-ons.
“Phantom is NOT available on iOS or Android,” the company tweeted last year. “Using a fake Phantom mobile app will result in your funds being stolen. Help us by reporting these apps when you see them in app stores.”
Users responded to this warning by lamenting that they had been scammed and the next day Phantom said: “We removed eight different apps this week alone. We can only remove them as quickly as Google responds to our removal requests.”
Nevertheless, Google seems to have been unable to keep fake cryptocurrency-stealing apps out of Google Play.
“Despite Phantom’s efforts to prevent fake Android apps from Google Play Store, and despite Google’s blatant warning that it was offering scam ‘Phantom Wallet’ apps for download, a few days later, on October 21, 2021, Pearlman could, and did, download one,” Pearlman’s complaint said.
The court filing argues that by offering apps through Google Play, the chocolate factory is representing those apps to be safe and warranting through its terms of service that it oversees its services with reasonable care.
According to the complaint, Google “violated its own warranty and terms of service by offering a fraudulent app, failing to warn Pearlman that the app might be dangerous, and failing to block Pearlman from downloading the app.” .
Asked for comment, Google did not immediately respond.
Google requested more time to respond, and the judge determined that the case was complex, requiring more time. A case management conference is scheduled for next week.
If Pearlman is able to recover $800,000 from Google, the lawsuit seems like a better investment than the stolen cryptocurrency mix, so far. Since Oct 21, 2021: SOL is down ~80% from $196.43; ORCA is down around 92% from $12.42; SAMO is down around 55% from its price of $0.029; and the USDC, pegged to the dollar, remains more or less the same.
If Phantom sounds familiar, that’s because it was caught up in an attack on Slope wallets this week in which millions of dollars in cryptocurrencies were stolen from around 8,000 wallets. ®