Fake Ledger App on Apple Store Linked to $9.5M Theft

Onchain investigator ZachXBT said a fake Ledger Live app listed on Apple’s App Store was tied to about $9.5 million in crypto stolen from more than 50 suspected victims between April 7 and 13.

In a Tuesday Telegram post, ZachXBT said the alleged thefts affected users across Bitcoin, Solana, Tron, XRP Ledger and Ethereum Virtual Machine (EVM)-compatible networks. He claimed the stolen funds were laundered through over 150 KuCoin deposit addresses allegedly tied to AudiA6, which he described as a centralized mixing service. 

ZachXBT said the fake app was removed by Apple on April 13 and identified three seven-figure losses among the largest known cases. He said one victim lost about $1.95 million in Bitcoin (BTC), staked Ether (stETH) and Ether (ETH), another lost $3.23 million in USDt (USDT) on April 9, and a third victim lost about $2 million in USDC (USDC) on April 11.

ZachXBT said Kucoin had seen an increase in illicit activity recently, and pointed out that the company had been banned from onboarding new European Union users in February, shortly after receiving its Markets in Crypto Assets Regulation (MiCA) license. He also questioned whether the incident presented grounds for a class action against Apple.

Related: Counterhacker exposes DPRK unit that made $1M a month working IT jobs

Key details, including the total losses, victim count and laundering route, remain based on ZachXBT’s findings and had not been confirmed by Apple or KuCoin at publication. Cointelegraph asked both companies for comment but had not received a response by publication.

Ledger warns users never to enter seed phrase into apps

Ledger chief technology officer Charles Guillemet said in a statement to Cointelegraph that the company never asks users for their 24-word recovery phrase and warned that official-looking software environments should not be treated as inherently safe.

“You cannot trust the software environment around you – not your browser, not your app store, not your desktop,” Guillemet said, adding that attackers “operate wherever the opportunity exists,” including official distribution platforms. 

Related: Web3 hacks cost $482M in Q1 as phishing drives majority of losses: Hacken

The latest incident follows a smaller but similar case reported on Monday. Musician Garrett Dutton, also known as “G. Love,” said he lost about $420,000 in BTC after downloading a malicious app impersonating Ledger Live from Apple’s App Store and entering his seed phrase. ZachXBT said the stolen assets were sent to deposit addresses associated with KuCoin. 

Magazine: How AI just dramatically sped up the quantum risk for Bitcoin