In short
- The fake Ledger Live program in the Mac App Store moved crypto from more than 50 users, according to ZachXBT’s analysis.
- More than $9.5 million in cryptocurrencies like Bitcoin, Solana, and XRP were stolen in total, the blockchain sleuth said.
- Musician G. Love was among the victims, losing more than $400,000 in Bitcoin to the scheme.
A fraudulent Mac app based on the self-sustaining Ledger led to the loss of more than $9.5 million in cryptocurrencies from 50 users last week, according to a new research from pseudonymous on-chain sleuth, ZachXBT.
The app, which masqueraded as the Ledger Live app through which users could manage Ledger hardware assets, affected victims from April 7 to April 13, when it was removed from the Apple App Store.
“The stolen funds were stolen through 150+ KuCoin addresses tied to AudiA6, a centralized hybrid service that charges illegal currency fees,” ZachXBT wrote in a message to its Telegram channel.
According to his analysis, at least three victims lost more than $1.95 million USDT, one wallet was lowered to $3.27 million USDT. Bathroom accessories are included Bitcoin, Solana, XRP images, USDTand others.
Musician G. Love—aka Garrett Dutton, frontman of the longtime rock group G. Love & Special Sauce—was among the victims of the scam, losing 5.92 BTC worth about $447,000. He shared his story on X over the weekend.
“I had a very difficult day today. I lost my retirement fund due to fraud/fraud when I changed my Ledger to use it on my new computer and accidentally downloaded a bad Ledger app from the Apple Store,” he said. dated X on April 11. “All my BTC is gone instantly.”
Hello, I found your 5.92 BTC stolen and it was stolen through @kucoincom Booking addresses for the following activities:
6f5c8eb6b01774626f33527e0cb03c0d1860447acd6079e69bf41b459bcf1f
9ee1288f941b2c3775ebd125eefeebdc713aa160bf2cf9d18661fd07f84ce891…— ZachXBT (@zachxbt) April 12, 2026
The fake app will remain in the App Store for two more days, according to ZachXBT’s analysis. An Apple representative did not immediately respond Decrypt’s ask for feedback.
After noticing that the stolen money had been traced to KuCoin, the exchange’s support team responded to the caller, indicating that they had suspended the suspicious account associated with the money.
“Please note that although we can assist (in) suspending a suspicious account when we receive relevant information or credible complaints, this should be followed by legal documents and procedures to ensure compliance,” wrote on X.
The exchange has reportedly been experiencing an increase in unauthorized activity on its platform, according to ZachXBT. Last month, it was banned providing access to US users unless it is registered as a foreign trade corporation. Last year, KuCoin was hit with a $14 million finethe largest anti-money laundering fine in Canadian history, imposed by the country’s financial regulator.
Fake services and websites are some of the most common scams for Ledger users, according to the company’s dedicated website, along with fake phone calls, emails, and letters. part of a fraudulent scheme using false letters says it’s from Ledger.
A representative for Ledger did not immediately respond Decrypt’s request for comment and has not publicly commented on the latest fraud campaign.
Daily Debrief A letter
Start each day with top stories right here, including originals, podcasts, videos and more.
