A fraudulent Ledger Live application distributed through Apple’s App Store enabled attackers to steal approximately $9.5 million in bitcoin within one week. The incident exposes a critical trust gap between centralized app distribution platforms and crypto’s self-custody security model.

Blockchain investigator ZachXBT traced the thefts after victims unknowingly entered seed phrases into the impersonating app. One user, musician Garrett Dutton, reported losing 5.92 bitcoin (BTC) accumulated over ten years after installing the fake software on a new device. The malicious app appeared in App Store search results with branding that closely matched the legitimate Ledger interface.

Why Do Fake Wallet Apps Bypass Platform Reviews?

The attack mirrors a 2023 incident in Microsoft’s app store that resulted in roughly $600,000 in losses using the same method. Both cases relied on social engineering rather than technical exploits, taking advantage of users’ assumption that official app marketplaces vet software integrity. Total annual crypto scam losses exceeded $1.7 billion in 2023, according to Chainalysis, placing this event within a broader pattern of trust-based attacks.

“The moment a user types their seed phrase into any app, website, or keyboard, the hardware wallet’s protection is eliminated,” security experts noted in guidance following the breach.

Ledger’s official setup process never requests a seed phrase through software interfaces, reinforcing that such prompts signal malicious intent.

ZachXBT tracked the stolen funds through nine transactions into deposit addresses at KuCoin linked to the AudiA6 mixing service. Recovery appears unlikely without coordinated law enforcement action and exchange cooperation, particularly as KuCoin faces regulatory scrutiny, including restrictions on onboarding new European Union users following action by Austrian authorities.

The incident has triggered discussion of potential legal liability for platform operators, including Apple, over app review failures. The next catalyst will be whether regulators impose stricter controls on crypto-related applications within centralized app marketplaces.