Fake Ledger App on Apple’s App Store Tied to $9.5 Million in Losses Over a Week

Source
Minseung Kang

Summary

  • A phishing attack involving a fake Ledger app resulted in the theft of at least $9.5 million in assets, CoinDesk reported.
  • More than 50 users across multiple blockchains, including BTC, ETH, SOL, TRX and XRP, were affected.
  • The stolen funds were moved to multiple KuCoin deposit addresses, and Ledger said it never asks users to enter their 24-word recovery phrase under any circumstances.

Photo: Shutterstock

A phishing attack involving a fake Ledger app listed on Apple’s App Store has led to a large-scale theft of crypto assets.

CoinDesk reported on April 14 that the fake Ledger Live app circulated through the App Store and caused at least $9.5 million in losses.

The attack lasted about a week, from April 7 to April 13. More than 50 users across multiple blockchains were affected, including holders of Bitcoin (BTC), Ether (ETH), Solana (SOL), Tron (TRX) and XRP.

Victims mistook the app for the legitimate version and entered their recovery phrases, or seed phrases. That gave the attackers access to their wallets.

In one case, a user said about 5.9 BTC was stolen, wiping out savings accumulated over a decade. The user said the money had been intended for retirement.

Blockchain investigator ZachXBT said tracing showed the stolen funds moved through multiple transactions before reaching KuCoin deposit addresses. He said the pattern was consistent with a centralized money-laundering service known as AudiA6.

The stolen funds were routed through more than 150 KuCoin deposit addresses in the incident. KuCoin has recently faced controversy, including restrictions on new users in Europe tied to regulatory issues.

Apple removed the fake app from the App Store, but questions remain over how it passed the company’s review process and how long it was available. Some have raised the possibility that the incident could lead to a class-action lawsuit.

Ledger, meanwhile, reiterated its security guidance for users. Charles Guillemet, the company’s chief technology officer, said Ledger never asks users to enter their 24-word recovery phrase under any circumstances. Any app or individual requesting it should be treated with immediate suspicion.

He added that software environments such as browsers and app stores are not trustworthy, and private keys should be managed only on hardware devices. “The recovery phrase is the wallet itself,” he said.

Minseung Kang

minriver@bloomingbit.io
Blockchain journalist | Writer of Trade Now & Altcoin Now, must-read content for investors.