A fake Ledger Live application on the Apple App Store has been linked to a multi-blockchain theft on April 14.
Between April 7 and April 13, attackers spoofed Ledger Live, the app Ledger hardware wallet users rely on to manage digital assets. The impersonation drained $9.5 million from over 50 victims, according to analysis shared by the on-chain sleuth known as ZachXBT. The attack targeted multiple chains: Bitcoin (BTC), Ethereum Virtual Machine (EVM) networks, Tron (TRX), Solana (SOL), and XRP Ledger (XRPL).

On-chain analysis showed the attacker laundered the stolen funds through the KuCoin cryptocurrency exchange and AudiA6, a centralized mixing platform. Meanwhile, Apple flagged the fake Ledger Live application as fraudulent and removed it on Monday.

Fake Ledger Live app weaponized trust on App Store
The fraudulent replica of Ledger Live passed Apple’s App Store review process and became discoverable by users searching for the legitimate app. Because the fake version had no visual features that set it apart from the real one, both novice and experienced crypto users were scammed.
The fake Ledger Live app asked users for a seed phrase, disguising the request as wallet restoration. Notably, the real Ledger Live app never asks for a seed phrase.
Users of the fake application unknowingly entered their seed phrase, thereby surrendering the master key to their entire crypto portfolio. With it, the attacker seamlessly reconstructed the victims’ wallets on separate devices and systematically drained funds across multiple blockchain networks.
The largest confirmed loss was about $3.22 million in Tether (USDT), drained on April 9. On April 11, the attacker took $2.08 million in Circle’s USD Coin (USDC). ZachXBT suggested Apple could face a class-action lawsuit for allowing the fake app to pass its review process.