the app is for a major crypto exchange so I dont think it was on the supply side or there would probably be major news, unless they just aren't aware of it, but thanks for that. I imagine this person clicked some link and just doesn't remember or didn't know it was a link.
Discussion
That's probably the most likely scenario.
But you never know vulnerabilities or malicious code can be floating around for years and not get noticed. Wouldn't be the first time it happened.