A counterfeit version of the Ledger Live cryptocurrency wallet app available on Apple’s macOS App Store siphoned roughly $9.5 million from more than 50 victims in just one week. Blockchain investigator ZachXBT first detailed the phishing operation on his Telegram channel, tracing the stolen assets across Bitcoin, Ethereum-compatible chains, Tron, Solana and XRP. The malicious software prompted users to input their 24-word recovery phrases before draining connected hardware wallets. Apple removed the app shortly after the exposure.
Scam App Bypasses Review
The fraudulent Ledger Live clone evaded Apple’s App Store vetting process and appeared legitimate to unsuspecting users searching for the official wallet manager. Between April 7 and April 13, victims downloaded the app while setting up new Mac devices or restoring existing Ledger hardware wallets. Once installed, the program displayed interfaces nearly identical to the genuine software and immediately solicited seed phrases under the guise of wallet synchronization.
On-chain records show the pilfered funds totaling $9.5 million were consolidated and forwarded through more than 150 distinct KuCoin deposit addresses within hours of each theft. Three of the largest victims each lost seven-figure sums, with the top individual case involving 5.92 BTC worth approximately $424,000. The rapid laundering pattern indicates professional operators who converted and dispersed the cryptocurrency to obscure the trail.
Ledger’s chief technology officer, Charles Guillemet, confirmed the company has never distributed its official Live software through consumer app stores and explicitly warns that legitimate applications never request 24-word phrases.
Victims Report Total Losses
Users who fell for the scam described immediate and irreversible depletion of their holdings, with several characterizing the incident as the loss of life savings accumulated over nearly a decade. One prominent victim, musician Garrett Dutton (known as G. Love), publicly stated on X that his entire Bitcoin retirement fund vanished “in an instant” after he followed the fake app’s instructions on a new MacBook.
Multiple affected parties have since contacted on-chain analysts seeking recovery assistance, though the funds’ movement to exchange deposit addresses has complicated tracing efforts. The scale and speed of the operation have prompted speculation about potential class-action litigation against Apple for alleged deficiencies in its review process, as similar fake crypto wallet incidents have previously slipped through on other platforms. Industry observers note that the presence of fabricated five-star reviews praising the app’s “smooth and reliable” performance further misled downloaders.
Key Incident Summary
- Counterfeit Ledger Live app remained live on macOS App Store for roughly two weeks until removal on April 14.
- Theft period spanned April 7 to 13, affecting over 50 users across five major blockchains.
- Stolen $9.5 million routed via more than 150 KuCoin deposit addresses for laundering.
- Official Ledger software never requests 24-word seed phrases; victims were tricked into entering recovery information.








