In an email sent out to its investors, Mining City claims a “fake app” somehow has access to the company’s affiliate database.

From a security standpoint, this makes zero sense.

As per the email Mining City sent out, the app

downloads the user database and accesses users accounts to withdraw funds.

How the app “downloads the user database” is unclear. Ditto why any app would even have access to Mining City affiliate database.

What I can understand happening is an app logging into Mining City, with credentials provided by a user, and then proceeding to empty out an account.

This can be achieved either directly, or by transmitting login information to the app developer, who then manually log into accounts and clean them out.

According to Mining City the app was up on Google Play Store.

A dedicated team managed to remove this app quickly. Due to security concerns, withdrawals will undergo additional verification, which may cause delays.

Withdrawal delays? How convenient.

Mining City recommends its affiliates “enable the Two-Factor Authentication.”

Whether this would have made a difference if the app was given access to a device’s messages is unclear.

Last week Mining City set the stage for withdrawal delays by announcing a fire at MineBest.

The week before that the company introduced a fixed return rate, effectively minimizing ROI liabilities going forward.

Whether Mining City has more drama is planned for next week remains to be seen.