It’s crypto 101 that you use a secure and opensource hardware wallet for holdings of substance, where the private key is kept offline from a computer connected to the internet (USB connection to the computer can be alright if properly engineered, same for BT…). And you never input your seed phrase representing your private key into an internet connected computer vulnerable to exploits, e.g. Windows, macOS, Android, iOS, Linux, BSD… holding an amount you’re not willing to lose. And it doesn’t sound like a fault of Ledger in this circumstance, but their software is not opensource, so I wouldn’t use their hardware or software. Most of the more reputable hardware wallet companies with their own software will sign the application with a PGP key or give at least a checksum, and then securely self update afterwards. And grab it directly from them. And for Bitcoin, Sparrow wallet is a solid option you can compile from source code yourself. If you don’t know how to protect seed phrases, learn before you do self custody of anything significant. And with being your own bank, you have to keep up with security best practices and always learning. Consequently, there are wonderful hardware wallets today with secure elements to protect your secret key, where you can self-custody with confidence.
Blockchain sleuth ZachXBT said Garrett Dutton’s 5.9 Bitcoin has already been sent to deposit addresses associated with KuCoin.
Update (April 14, 1:07 am UTC): This article has been updated to include a comment from Ledger chief technology officer Charles Guillemet.
Garrett Dutton, an American musician better known as “G. Love,” said he lost $420,000 worth of Bitcoin after installing a malicious app impersonating the self-custody crypto app Ledger Live from Apple’s App Store and entering his seed phrase.
“I had a really tough day,” Dutton told his 67,500 followers in a post on X on Saturday, adding that he lost his 5.9 Bitcoin, BTC $74,754, stash “in an instant” after spending about 10 years accumulating the coins to secure his retirement.
In a follow-up post, crypto sleuth ZachXBT said that Dutton’s Bitcoin has been sent to deposit addresses linked to the crypto exchange KuCoin across nine transactions. KuCoin replied to the post with a statement typically addressed to customers.
The incident highlights a continued problem that bad actors have posed in the crypto industry. On Tuesday, the US Federal Bureau of Investigation reported that Americans lost over $11 billion from crypto-related incidents in 2025, up from the $9 billion recorded the previous year.
Ledger chief technology officer Charles Guillemet told Cointelegraph that Ledger never asks users for their 24-word seed phrase.
”If anyone, or any app, is asking for your 24 words, assume something is wrong,” Guillemet said. “Ledger consistently reminds the community about this. You cannot trust the software environment around you — not your browser, not your app store, not your desktop.”
Dutton said he was tricked into sharing his seed phrase after downloading the malicious software on his new Apple MacBook Neo but didn’t share which link he used.
“I been in the crypto circus since 2017. Today they caught me off guard. It was my own damn fault for not being more diligent. But let it serve as a warning. There’s so many scams,” he added.
Cointelegraph was unable to find the fake Ledger app on Apple’s App Store at the time of writing. Cointelegraph reached out to Apple for comment but did not receive an immediate response.
Fake Ledger apps have appeared on Microsoft’s store
Scammers have been adopting this fake Ledger app strategy since at least 2023.
That year, almost $600,000 worth of Bitcoin was stolen from several users who downloaded a fake Ledger Live application from Microsoft’s app store.
Microsoft admitted that the malicious app had bypassed its review process and took it down shortly after.