Fake Ledger Live App on Apple Store Linked to $9.5M Crypto Theft

🚨 Fake Ledger Live App Alert!

A fake application posing as “Ledger Live” on the Apple App Store has been linked to more than $9.5 million in cryptocurrency theft, affecting over 50 users within just one week. This alarming activity was identified by blockchain investigator ZachXBT, who reported that the incidents occurred between April 7 and April 13, with victims losing funds on multiple networks, including Bitcoin, Ethereum, Solana, Tron, and XRP. This indicates a large-scale attack rather than a chain-specific exploit.

The malicious app mimicked the official Ledger Live interface and branding. It was listed under the developer name “SAS Software Company” and published by “Leva Heal Limited.” The listing included positive user reviews and standard App Store metadata, which contributed to its credibility. Users who downloaded the app were prompted to input sensitive wallet information, which was then used to access and drain funds from their accounts.

💰 How the Theft Happened

According to ZachXBT’s transaction analysis on Telegram, stolen assets were transferred through a network of intermediary wallets before being consolidated into more than 150 deposit addresses associated with the crypto exchange KuCoin. Following this step, the funds were sent through a centralized mixing service known as “AudiA6,” which charges high fees to make the transactions difficult to trace. ZachXBT also identified several wallet addresses across multiple blockchains where the stolen funds were first sent. Among the reported cases, several victims experienced losses exceeding seven figures. These included approximately $3.23 million in USDT on April 9, approximately $2.079 million in USDC on April 11, and combined losses of roughly $1.95 million in Bitcoin, ETH, and staked ETH on April 8. These incidents occurred shortly after victims interacted with the fake application.

🔍 Mapped Victim Wallets

Suspected victim wallets and transaction flows mapped include:


❗ Conclusion

The app has since been removed from the Apple App Store. However, its presence and ability to attract users have raised questions about Apple’s app review processes. The way the funds moved has also put KuCoin back in focus, as the exchange has already faced action from regulators in several regions over its anti-money laundering controls. This is not the first time Apple’s review process has allowed copycat and malicious apps into its Store. In one case, a fake version of the Rabby Wallet appeared on the App Store before the official app was even approved, leading to users losing funds. It is also worth noting that in November 2023, Microsoft approved a fake Ledger Live app on its store. That app infected users’ devices with malware, leading to the theft of around $800,000 in Bitcoin and Ethereum. Part of the confusion here comes from Ledger’s ongoing naming change from “Ledger Live” to “Ledger Wallet,” but both names are still in use across apps, websites, and search results. That overlap can make it harder for users to know what’s official.

This post is licensed under CC BY 4.0 by the author.