
Screenshots lie, app badges lie, and apparently even the App Store can cosplay as trust. That was the mood on CT this week after onchain sleuth ZachXBT said a fake Ledger Live app listed on Apple's App Store helped drain roughly $9.5 million in crypto from users over just a few days. [1]
The key claim landed Tuesday via ZachXBT's Telegram channel: more than 50 suspected victims were hit between April 7 and April 13, with losses spanning Bitcoin, Solana, TRON, XRP Ledger, Ethereum, and other EVM-compatible networks. Apple removed the app on April 13, according to the investigator, but by then the damage was already very real. [2]


What happened

ZachXBT linked the thefts to a counterfeit version of Ledger Live, the companion software used by owners of Ledger hardware wallets to manage assets. The fake app appears to have slipped through Apple's review process and presented itself as a legitimate portal for wallet management, a setup almost engineered to exploit one of crypto's oldest reflexes: if it looks official enough, people will click.
That trust gap matters more here because Ledger users are not typically beginners parking $50 worth of memecoins. Hardware wallet holders tend to be the self-custody crowd, people explicitly trying to reduce platform risk. A scam that targets them through a mainstream app marketplace flips the usual script. The threat is no longer just a sketchy link in a Discord DM; it is software distributed inside a walled garden that consumers are trained to treat as safer. [3]

The scale of the losses

The headline number is $9.5 million, attributed to over 50 suspected victims. ZachXBT also flagged three seven-figure losses among the cases reviewed, which suggests this was not a long-tail retail scam alone. A handful of larger wallets appear to have materially boosted the total haul. [4]

The cross-chain footprint is another tell. Funds were allegedly stolen across multiple major ecosystems rather than isolated to one chain or wallet type. That points to a campaign built for broad extraction, not a one-off phishing page catching the occasional user.

Where the money allegedly went

According to ZachXBT, the stolen assets were funneled through more than 150 KuCoin deposit addresses linked to "AudiA6," which he described as a centralized mixing service. In plain English, a mixer is a laundering tool designed to make tracing funds harder by blending flows across many addresses and transactions. [5]
That detail is important for two reasons. First, it suggests a fairly organized post-theft pipeline rather than opportunistic smash-and-grab behavior. Second, centralized exchange deposit infrastructure remains one of the few pressure points where investigators, exchanges, and potentially law enforcement can sometimes intervene, assuming accounts are identified in time and compliance teams move quickly.
The use of such a large number of deposit addresses also indicates deliberate fragmentation. Breaking stolen funds into many streams can complicate attribution and slow recovery efforts, especially when victims are spread across different chains and jurisdictions.
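The fan-out pattern described above, where one campaign's proceeds are split across many exchange deposit addresses, is the kind of thing a tracing team scores heuristically. The following is an added illustration, not ZachXBT's tooling or anything from the article: it walks a constructed transfer graph from known victim addresses to exchange deposit addresses and flags heavy fragmentation. All addresses, amounts, and the deposit-address prefix are made-up placeholders.

```python
from collections import defaultdict

# Constructed sample transfers: (sender, receiver, amount). Placeholder labels,
# not real on-chain addresses.
TRANSFERS = [
    ("victim_a", "hop_1", 120.0),
    ("victim_b", "hop_1", 80.0),
    ("victim_c", "hop_2", 300.0),
    ("hop_1", "cex_dep_01", 50.0),
    ("hop_1", "cex_dep_02", 50.0),
    ("hop_1", "cex_dep_03", 50.0),
    ("hop_1", "cex_dep_04", 50.0),
    ("hop_2", "cex_dep_05", 150.0),
    ("hop_2", "cex_dep_06", 150.0),
    ("unrelated", "cex_dep_07", 10.0),  # not connected to the victims
]

def is_deposit_address(addr: str) -> bool:
    # Assumption: a prefix stands in for an exchange-supplied deposit-address list.
    return addr.startswith("cex_dep_")

def build_graph(transfers):
    out = defaultdict(list)
    for src, dst, amt in transfers:
        out[src].append((dst, amt))
    return out

def trace_to_deposits(victims, transfers, max_hops=4):
    """Follow outflows from victim addresses hop by hop until they land on an
    exchange deposit address. Returns {deposit_addr: amount reached}."""
    graph = build_graph(transfers)
    reached = defaultdict(float)
    frontier, seen = set(victims), set()
    for _ in range(max_hops):
        nxt = set()
        for addr in frontier:
            if addr in seen:
                continue
            seen.add(addr)
            for dst, amt in graph.get(addr, []):
                if is_deposit_address(dst):
                    reached[dst] += amt   # stop at the exchange boundary
                else:
                    nxt.add(dst)          # keep following intermediate hops
        frontier = nxt
    return dict(reached)

def fan_out_alert(reached, min_addresses=5):
    """Flag when proceeds from one victim set land on many distinct deposit addresses."""
    return len(reached) >= min_addresses
```

The amount attribution is deliberately naive (it does not split a hop's inflows proportionally), which is enough to surface the deposit-address count that a compliance team would act on.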

Why this is awkward for Apple

Crypto scams on fake websites are sadly routine. Crypto scams on a major consumer app store hit differently. ZachXBT explicitly questioned Apple's liability, and that is likely where this story sticks beyond the immediate theft totals.

Apple's App Store pitch has always leaned on safety, curation, and review. If a counterfeit wallet management app can pass that filter and remain live long enough to facilitate millions in losses, the platform's security halo takes a hit. For crypto users, the takeaway is blunt: app-store distribution is not a substitute for software verification. [3]

That does not automatically mean Apple is legally responsible for user losses. It does mean the company will face harder questions about impersonation checks, app publisher vetting, response times, and whether high-risk financial or crypto-branded apps need stricter review standards.

Why users were vulnerable

The scam likely worked because it weaponized familiarity. "Ledger Live" is not some obscure tool. It is the expected interface for a huge installed base of hardware wallet customers. A convincing copy inside the official App Store lowers suspicion fast.

This kind of attack also exploits a subtle behavioral trap in self-custody culture. Users are told, correctly, to avoid random links and hold their own keys. But many still rely on centralized distribution channels for wallet software updates and downloads. That dependency becomes the weak point if the store itself is compromised by impersonators.

The broader lesson for crypto

There is a persistent myth that better custody tools automatically reduce scam exposure. They reduce some risks, yes. They do not remove social engineering, impersonation, or supply-chain style attacks. If anything, premium wallet brands create premium phishing opportunities.

This incident is also a reminder that chain transparency helps after the fact, not before the click. Investigators can trace flows, cluster addresses, and map laundering routes, but none of that restores funds instantly. Prevention still beats forensic threads every time.

The bottom line

The fake Ledger Live app case is not just another scam story with a scary number attached. It is a trust stack failure: a well-known wallet brand, a mainstream app marketplace, and users who thought they were following best practices.

For readers, the practical move is boring but effective. Download wallet software only through a vendor's verified website, cross-check the publisher name, and treat app-store search results as ads for your paranoia, not proof of legitimacy. Apple may have removed this app on April 13, but the bigger issue remains. If fake wallet apps can make it through review once, they can try again.
