{"id":16825,"date":"2026-04-15T10:33:32","date_gmt":"2026-04-15T17:33:32","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=16825"},"modified":"2026-04-15T10:35:39","modified_gmt":"2026-04-15T17:35:39","slug":"fake-ledger-live-app-on-apples-app-store-stole-9-5m-in-crypto","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2026\/04\/15\/fake-ledger-live-app-on-apples-app-store-stole-9-5m-in-crypto\/","title":{"rendered":"Fake Ledger Live App on Apple\u2019s App Store Stole $9.5m in Crypto"},"content":{"rendered":"\n

A follow up report on the my post<\/a> from yesterday that confirms this was in the Apple app store, and more people have been robbed. Per the musician yesterday, the app requested him to input his seed phrase into the computer, representing his private key, which an experienced user would know not to do as the whole purpose of a hardware wallet is to keep your private key with verification and transaction signing on the hardware wallet and off the exploitable computer. Another big red flag was the company name in the Apple app store. And worth pointing out that these operating systems want to limit software to their app stores and prevent you from installing other software, where these people wouldn’t have been hacked if they got the software from the manufacturer directly while verifying it.<\/p>\n\n\n\n

https:\/\/www.bleepingcomputer.com\/news\/security\/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto\/<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n

By Bill Toulas<\/p>\n\n\n\n

\"Fake<\/figure>\n\n\n\n

A malicious Ledger Live app for macOS available from Apple\u2019s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month.<\/p>\n\n\n\n

Users who downloaded the fake Ledger app were tricked into entering their seed\/recovery phrases, thus giving attackers full access to their wallets and allowing them to send digital assets to external addresses under their control.<\/p>\n\n\n\n

According to blockchain investigator ZachXBT<\/a>, the attackers used several wallet addresses<\/a> to receive funds across multiple chains, including Bitcoin, Ethereum, Tron, Solana, and Ripple.<\/p>\n\n\n\n

The stolen amounts were then laundered through more than 150 deposit addresses on KuCoin, linked to a centralized mixing service called \u201cAudiA6,\u201d which launders crypto in exchange for high fees.<\/p>\n\n\n\n

\"Malicious
Malicious transactions<\/strong>
Source: ZachXBT<\/em><\/figcaption><\/figure>\n\n\n\n

The investigator tracked three individual victims losing seven-figure amounts ($3.23 million, $2.08 million, and $1.95 million) between April 8 and April 11.<\/p>\n\n\n\n

Musician G. Love stated on X that he also lost 5.9 BTC (currently $430k) after downloading the app. This loss was also traced and confirmed by ZachXBT.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

According to a Reddit discussion<\/a>, the fake app was submitted to the Apple App Store under the publisher name \u2018Leva Heal Limited,\u2019 an account not associated with the real Ledger development team.<\/p>\n\n\n\n

The malicious actor also created a fake version history by releasing major new versions every few days, going from 1.0 to 5.0 within just two weeks.<\/p>\n\n\n\n

\"\"
Details of the fake Ledger app<\/strong>
Source: Reddit<\/em><\/figcaption><\/figure>\n\n\n\n

Following multiple user reports, Apple has now removed the fake app from the App Store, but not before 50 users lost a total of $9.5 million.<\/p>\n\n\n\n

BleepingComputer has reached out to Apple for a comment, but we have not received a response yet.<\/p>\n\n\n\n

Meanwhile, KuCoin, which has been accused of violating anti-money laundering laws<\/a> in the past and was even ordered to pay $300 million in penalties<\/a> in the U.S. last year, announced that it has frozen the accounts<\/a> involved in the latest scheme.<\/p>\n\n\n\n

However, the platform noted that the freeze will only last until April 20. Beyond that date, the freeze can be extended via an official request from law enforcement authorities.<\/p>\n\n\n\n

It is important to note that Ledger offers a Mac app<\/a> on its website, but not in the Apple App Store, where only an iOS-compatible version is available<\/a>.<\/p>\n\n\n\n

Threat actors have attempted to exploit this availability gap<\/a> again in the past, even targeting the Microsoft Store in 2023, stealing $768,000<\/a> worth of cryptocurrency.<\/p>\n","protected":false},"excerpt":{"rendered":"

A follow up report on the my post from yesterday that confirms this was in the Apple app store, and more people have been robbed. Per the musician yesterday, the app requested him to input his seed phrase into the computer, representing his private key, which an experienced user would know not to do as […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-16825","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/16825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=16825"}],"version-history":[{"count":3,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/16825\/revisions"}],"predecessor-version":[{"id":16832,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/16825\/revisions\/16832"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=16825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=16825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=16825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}