Google filed a lawsuit on Thursday against a group of crypto scammers, alleging they defrauded more than 100,000 people across the globe by uploading fraudulent investment and crypto exchange apps to Google Play.
Google says it’s the first tech company to take action against crypto scammers, and is doing so as a way to set a legal precedent to establish protections for users. The lawsuit claims the defendants made “multiple misrepresentations to Google in order to upload their fraudulent apps to Google Play, including but not limited to misrepresentations about their identity, location, and the type and nature of the application being uploaded.”
The Alphabet-owned company is bringing civil claims under the Racketeer Influenced and Corrupt Organizations (RICO) law as well as breach of contract claims against the group of scammers, who the company said created and published at least 87 fraudulent apps to dupe users.
“This is a unique opportunity for us to use our resources to actually combat bad actors who were running an extensive crypto scheme to defraud some of our users,” Halimah DeLaine Prado, general counsel at Google, told CNBC Crypto World in an exclusive on-camera interview.
“In 2023 alone we saw over a billion dollars within the U.S. of cryptocurrency fraud and scams and this [lawsuit] allows us to not only use our resources to protect users, but to also serve as sort of a precedent to future bad actors that we don’t tolerate this behavior,” she added.
The lawsuit, filed in the Southern District of New York, said the alleged scammers, identified as Yunfeng Sun, also known as Alphonse Sun, and Hongnam Cheung, also known as Zhang Hongnim or Stanford Fischer, conducted their scheme since at least 2019. The two allegedly lured victims to download their apps from Google Play and other sources through three methods: text message campaigns using Google Voice to victims primarily in the U.S. and Canada, online promotional videos on YouTube and other platforms, and affiliate marketing campaigns that paid user commissions for signing up people.
Sun, Cheung and their agents designed the apps to appear legitimate, showing users that they were maintaining balances on the app and earning returns on their investments, the lawsuit said. However, users couldn’t withdraw their investments or purported gains.
In an effort to convince users that the apps were trustworthy, the defendants would allow users to initially withdraw small amounts of money, according to the suit. Others were allegedly told they needed to pay a fee or have a minimum balance to withdraw their money, ploys that Google said “bilked some victims out of even more money.”
“Unfortunately, as new technology arises, bad actors exploit that technology to try to defraud users,” DeLaine Prado said. “We have teams that work around the clock to detect fraud and spam and abuse and when we find a unique instance in which we can actually go a step further, we’ll actually engage in affirmative litigation filing a lawsuit to actually create legal protections for our users in a more constructive way.”
One app highlighted in the suit was TionRT, which claimed to be a crypto exchange. Google said the app was uploaded to Play in 2022 by a developer account associated with Sun. Members of the alleged fraud scheme used text messages and social media platforms to lure victims into downloading the app and using it for investing, with the promise of earning extra money, according to the complaint.
TionRT appeared legitimate because of news releases about the app published on newswire service websites, the suit said. When victims complained to the texters that they were later unable to withdraw their money, they wouldn’t get responses, according to Google. The platform was eventually shut down.
Google was alerted to the fake apps by victims, who contacted the company after unsuccessful efforts to withdraw their funds.
“We have a dedicated cybersecurity team that is constantly looking across all of our platforms and services to look for opportunities where we can do more or where we think that users are being abused,” DeLaine Prado said. In some cases, Google partners with law enforcement, she added.
Google said in the complaint that when it would take the apps offline, the scammers would create new ones and upload them to Google Play, using “varying computer network infrastructure and accounts to obfuscate their identities, and making material misrepresentations to Google in the process.”
Google claims it suffered damages in excess of $75,000 by incurring expenses to investigate the breach and on safety and integrity resources. The company is seeking a permanent injunction against the defendants for general damages and to prevent them and their employees from creating Google accounts and accessing Google services.