2 hours ago
686
A fake app impersonating Hyperliquid, a decentralized perpetuals exchange, has been found on the Google Play Store, highlighting ongoing issues with app store moderation and scrutiny for malicious software.
Famous crypto sleuth, ZachXBT, in a public warning issued on his personal Telegram channel, has tagged the app a scam designed to steal users’ funds by phishing for wallet credentials or private keys.
A malicious fake app impersonating Hyperliquid on the Google Play Store. Source: ZachXBT via TelegramHyperliquid does not have an official mobile app
In the warning post he shared on Telegram, Zach warned his followers of the “fake Hyperliquid app on the Google Play Store” while complaining about how platforms like the Play Store don’t do a good job of filtering out these scams.
He also included a theft address, 0x8c12C21C394D9174c3b1a086A97d2C5523ABb8F5, and according to reports, the Ethereum address has already been linked to thefts exceeding $281,000.
The news comes months after cybersecurity firms like Cyble identified over 20 similar phishing apps on the Play Store that were built to deliberately mimic popular crypto platforms, like Hyperliquid, SushiSwap, and PancakeSwap, sites known to routinely interact with user wallets through web interfaces.
Apps created for deceptive purposes like these are often able to evade detection by using legitimate-looking icons, descriptions, and even fake reviews, factors that exploit Google’s review processes as they help them assume a legitimate persona similar to the actual apps they are mimicking.
The latest episode in focus is Hyperliquid, but the platform has never had an official mobile app, so any listing like that should be deemed fraudulent.
Scammers are using Google’s infrastructure for malicious purposes
ZachXBT’s warning comes a few weeks after another famous crypto personality on X who goes by the moniker Mztacat highlighted another way scammers have been using Google to do their dirty work.
According to Mztacat, scammers have been running Google ads for different sites, and all of these ads reportedly go to phishing sites hosted on “sites.google.com.” The post was attached to a screenshot he called a “perfect example” of why people get scammed in crypto searches.
According to him, this happens because the “Sponsored” result at the top is a fake Uniswap link hosted on Google Sites, rather than the real Uniswap domain, and clicking it would drain the wallets of anyone who approves.
⚠️ Careful out there frens!
Scammers are running Google ads for different sites that points to phishing sites hosted on sites[.]google[.]com
This screenshot is a perfect example of why people get scammed in crypto searches. The “Sponsored” result at the top is a fake Uniswap… pic.twitter.com/2JSjhn72NP
— 〽️ᄃムt 🐾 (@mztacat) September 12, 2025
He also attached a video highlighting the trick, pointing out that only people who were paying attention would have been able to tell there was something wrong.
While news like this turns up from time to time on various platforms from X to Reddit, it is crucial to acknowledge that there has been an increase, and they have gotten smarter. Those who do not fall for phishing links presented by fake apps on the Google Play Store can be scammed by a phishing link from a Google-recommended site. Those who avoid those pitfalls can become victims in apps like Telegram, where some users have reported they were scammed by fake support teams.
Overall, the emphasis on vigilance in crypto spaces cannot be overstated, especially since the law in many countries is yet to make provisions for crypto-related victims.
Get up to $30,050 in trading rewards when you join Bybit today
English (US)