Crypto Scam Alert: Fake TradingView App Steals Funds from Traders

Imagine logging into your crypto wallet, expecting to see a healthy balance, only to find it completely drained. This nightmare scenario has become a reality for victims of a sophisticated scam targeting cryptocurrency traders on Reddit. Hackers are distributing malware disguised as free versions of TradingView Premium, a popular trading platform. But instead of gaining access to premium features, victims lose their hard-earned cryptocurrency and personal information.

• Hackers distribute malware as “cracked” TradingView Premium.
• Malware targets cryptocurrency wallets and personal data.
• Part of a larger trend of professionalized crypto crime.

The malware at the heart of this scam, known as Lumma Stealer and Atomic Stealer, is a type of malicious software designed to steal personal and financial information. Once installed, it siphons off cryptocurrency from victims’ wallets and grabs their personal data, leaving them vulnerable to further attacks. Cybersecurity firm Malwarebytes has exposed this scam, revealing that the malware is hosted on a website owned by a cleaning company in Dubai. The command and control server, which directs the malware’s operations, is located in Russia.

Jerome Segura, a senior security researcher at Malwarebytes, warns,

“AMOS and Lumma info stealers have recently been distributed via Reddit posts targeting Mac and Windows users in the crypto space, draining their wallets and stealing personal data. One of the common lures is a cracked version of the popular trading platform TradingView.”

This scam isn’t just about losing your crypto; it’s about having your identity stolen, with criminals using your accounts to send phishing links to your contacts.

This incident is part of a broader wave of professionalized crypto crime. According to Chainalysis’s 2025 Crypto Crime Report, illicit cryptocurrency transactions topped $50 billion in the previous year. With the current market cap of cryptocurrencies standing at over $2.77 trillion, the stakes are higher than ever.

So, how do these scammers pull off such a sophisticated attack? They exploit the trust and helpfulness found in cryptocurrency subreddits. Posing as friendly users, they lure victims with links to “cracked” versions of TradingView Premium. But beware—these files come with a nasty surprise. Double-zipped files with password protection and requests to disable security software are red flags that you’re about to get scammed. Think of it like picking up a “free” diamond on the street—it’s probably fake and comes with a hefty price tag.

This scam reflects the increasing sophistication of cyber attacks in the crypto space. Techniques like the ClickFix method, which spreads malware through fake CAPTCHA pages, and the use of the I2P anonymization network by I2PRAT malware, showcase the complexity of these threats. The outdated PHP versions on the hosting website and specific methods of data exfiltration further underscore the need for robust cybersecurity measures in our digital finance landscape.

As we champion the ideals of decentralization, freedom, and disrupting the status quo, we must also confront the dark side of this financial revolution. Scammers are getting smarter, and it’s up to us to stay one step ahead. While Bitcoin and blockchain technology hold immense promise, they also attract professional criminals looking to exploit the system. It’s a delicate balance between promoting the benefits of these technologies and safeguarding our assets and identities from those who seek to exploit them.

Here are some key takeaways and questions to consider:

• What is the current scam targeting cryptocurrency traders?

  The scam involves hackers distributing malware disguised as “cracked” versions of TradingView Premium on Reddit, which steals personal information and cryptocurrency.

• How are scammers distributing the malware?

  Scammers post links to the malware on cryptocurrency subreddits, posing as helpful users to trick victims into downloading the malicious files.

• What specific malware is being used in this scam?

  The malware used includes types like Lumma Stealer and Atomic Stealer, targeting cryptocurrency wallets, personal information, and system credentials.

• What are the warning signs of this malware?

  Warning signs include double-zipped files with password protection and requests to disable security software before installation.

• How does this scam relate to broader trends in crypto crime?

  This scam is part of a professionalized era of crypto crime, as noted in Chainalysis’s 2025 report, which mentioned over $50 billion in illicit cryptocurrency transactions in the previous year.

• What should cryptocurrency traders do to protect themselves from such scams?

  Cryptocurrency traders should avoid downloading software from unofficial sources, be wary of double-zipped files, and never disable their security software at the request of unknown parties.

To protect yourself from such scams, consider these tips:

• Always download software from reputable sources and verify the legitimacy of the download links.
• Use reputable antivirus software to protect your devices from malware.
• Be cautious of double-zipped files and never disable your security software at the request of unknown parties.
• Stay informed about the latest scams and security threats in the crypto space.

While we celebrate the potential of Bitcoin and other cryptocurrencies to revolutionize finance, we must also confront the reality of these scams head-on. It’s a delicate balance between promoting the benefits of decentralization and freedom while safeguarding our assets and identities from those who seek to exploit them. Stay vigilant, stay informed, and let’s keep pushing forward in this exciting yet challenging world of crypto.