Can anyone tell if the Exodus wallet in Ubuntu’s software store is a scam? My wallet is empty after recovering and it shows a recent transaction of my entire balance sent to an address. I never made this transaction.
It certainly doesn’t look official to me, based on the following simple check:
- The upstream Exodus app is available as a deb and zip. Inside those packages there’s an electron app.
- The exodus snap is a flutter application, not built using electron.
So it could be someone making their own Exodus application, it doesn’t look official.
I installed the snap in a separate VM. It opens with a “Restore Wallet” dialog. If I enter random letters, it connects to some API at https://www.exchangerate-api.com/ and fails (because I didn’t enter a real wallet phrase).
Sadly, looks very dodgy.
I’ve sent an email to the security team. Also @security ^^
2 Likes
Thank you. I’m forwarding this info to FBI and LEA. I’m pretty sure I just got scammed. Ubuntu has it as the only option for Exodus in their Software Store and it says it’s safe…
Sorry to hear that. After reporting the application, it’s now no longer available.
1 Like
We’ve removed the snap from the Store and are now investigating it in-depth.
We’re also looking into implementing additional measures to prevent publishing scammer applications in the future.
@castle Should pursuing the matter with law enforcement require any assistance from our side, please don’t hesitate to reach out.
1 Like
Is this software archived in case law enforcement needs a copy? Is there any info about who uploaded it? Why did Ubuntu say it was safe?
Yes, it is, we will be able to provide a copy of the software to law enforcement if necessary.
We save some data about every snap upload and the user account that uploaded it. We will be able to provide this data to law enforcement upon request from them.
‘Safe’ in this case refers to the app’s inability to access other files and resources on the system. We will reevaluate whether the ‘safe’ label is the best way to express that.
1 Like
Is there a contact email that I can provide the FBI to retrieve a copy of the software? They responded to my IC3 request and are interested in the software.