Google on Thursday filed a lawsuit against a group of crypto scammers, claiming they defrauded more than 100,000 people worldwide by uploading fake investment and crypto exchange apps to Google Play.
Google says it’s the first tech company to take action against crypto scammers, and it’s doing so as a way to set a legal precedent to establish protections for users. The lawsuit alleges that the defendants made “multiple false statements to Google in order to upload their fraudulent apps to Google Play, including but not limited to false statements about their identity, location, and the type and nature of the app being uploaded.”
The AlphabetThe company-owned company is pursuing civil claims under the Racketeer Influenced and Corrupt Organizations Act (RICO) as well as breach of contract claims against a group of fraudsters, who the company claims created and released at least 87 fake apps to defraud users.
“This is a unique opportunity for us to use our resources to actually fight bad actors who have been running a large-scale crypto scheme to defraud some of our users,” Halimah DeLaine Prado, general counsel at Google, told CNBC Crypto World in exclusive on-interview camera.
“In 2023 alone, we saw over $1 billion in the US from cryptocurrency fraud and scams and this [lawsuit] it allows us not only to use our resources to protect users, but also to serve as a kind of precedent for future bad actors not to tolerate such behavior,” she added.
The lawsuit was filed in the Southern District of New York, said the alleged scammers, identified as Yunfeng Sun, also known as Alphonse Sun, and Hongnam Cheung, also known as Zhang Hongnim or Stanford Fischer, had been running their scheme since at least 2019. The two allegedly lured victims into downloading their apps from Google Playa and other sources through three methods: text message campaigns using Google Voice to victims primarily in the US and Canada, online promotional videos on YouTube and other platforms, and affiliate marketing campaigns that paid commissions to users for reporting people.
Sun, Cheung and their agents designed the apps to appear legitimate, showing users that they were maintaining balance in the app and earning a return on their investment, the lawsuit said. However, users could not withdraw their investments or alleged winnings.
In an attempt to convince users that the apps were trustworthy, the defendants would allow users to initially withdraw small amounts of money, according to the lawsuit. Others were allegedly told they had to pay a fee or have a minimum balance to withdraw their money, tricks that Google said “extorted even more money from some victims.”
“Unfortunately, as new technology emerges, bad actors take advantage of that technology to try to defraud users,” said DeLaine Prado. “We have teams working around the clock to detect fraud, spam and abuse, and when we find a unique case where we can actually go one step further, we will actually engage in affirmative litigation and file a lawsuit to actually create legal protection for our users in a more constructive way .”
One app highlighted in the lawsuit was TionRT, which claimed to be a crypto exchange. Google said the app was uploaded to Play 2022 by a developer account associated with Sun. Members of the alleged fraud scheme used text messages and social media platforms to lure victims into downloading the app and using it to invest, with the promise of additional earnings, according to the complaint.
TionRT appeared legitimate because of news releases about the app published on news service websites, the lawsuit alleges. When victims complained to the texters about not being able to withdraw their money later, they got no answers, according to Google. The platform was eventually closed.
Google was alerted to the fake apps by victims who contacted the company after unsuccessful attempts to withdraw their funds.
“We have a dedicated cybersecurity team that is constantly reviewing all of our platforms and services to look for opportunities where we can do more or where we think users are being abused,” said DeLaine Prado. In some cases, Google cooperates with the police, she added.
Google said in the complaint that when the apps were taken offline, fraudsters would create new ones and upload them to Google Play, using “various computer network infrastructure and accounts to disguise their identities, while providing materially false information to Google.”
Google claims it has suffered more than $75,000 in damages for the cost of investigating the breach and for security and integrity resources. The company is seeking a permanent injunction against the defendants for general damages and to prevent them and their employees from creating Google Accounts and accessing Google services.
