In brief
- A fake Ledger Live application in the Mac App Store stole crypto from more than 50 users, according to analysis from ZachXBT.
- More than $9.5 million in crypto funds like Bitcoin, Solana, and XRP were stolen in total, the blockchain sleuth said.
- Musician G. Love was among the victims, losing more than $400,000 in Bitcoin to the scheme.
A fake Mac app impersonating Ledger’s self-custody software led to the loss of more than $9.5 million in crypto assets from over 50 total users in the last week, according to a new investigation from pseudonymous on-chain sleuth ZachXBT.
The application, which pretended to be the Ledger Live app from which users can manage assets held by Ledger hardware devices, impacted victims from April 7 until April 13, when it was removed from the Apple App Store.
“Stolen funds have been laundered through 150+ KuCoin deposit addresses tied to AudiA6, a centralized mixing service that charges high fees to launder illicit funds,” ZachXBT posted in a message to his Telegram channel.
According to his analysis, at least three victims lost more than $1.95 million apiece, with one wallet being drained of $3.27 million USDT. Stolen assets included Bitcoin, Solana, XRP, USDT, and others.
Musician G. Love (aka Garrett Dutton, frontman of the long-running rock band G. Love & Special Sauce) was among the victims impacted by the fake app, losing 5.92 BTC valued around $447,000. He shared his story on X over the weekend.
“I had a very tough day today. I lost my retirement fund in a hack/scam when I switched my Ledger over to my new computer and accidentally downloaded a malicious Ledger app from the Apple Store,” he posted on X on April 11. “All my BTC gone instantly.”
Hello I traced out your 5.92 BTC stolen and it was all laundered through @kucoincom deposit addresses in the following transactions:
6f5c8eb6b01774626f33527e0cb03c0d1860447acacd6079e69bf41b459bcf1f
9ee1288f941b2c3775ebd125eefeebdc713aa160bf2cf9d18661fd07f84ce891…
— ZachXBT (@zachxbt) April 12, 2026
The fake app would remain in the App Store for nearly two more days, according to ZachXBT’s analysis. A representative for Apple did not immediately respond to Decrypt’s request for comment.
Upon noting that the stolen funds had been traced to KuCoin, the exchange’s support team responded to the musician, indicating that they had frozen a suspicious account related to the funds.
“Please note that while we may assist [in] freezing the suspicious account upon receipt of relevant information or a legitimate complaint, such actions are still subject to due legal documents and processes to ensure compliance,” it posted on X.
The exchange has reportedly been dealing with an increase in illicit activity on its platform, according to ZachXBT. Last month, it was barred from offering access to U.S. users unless it registered as a foreign board of trade. Last year, KuCoin was hit with a $14 million fine, the largest ever anti-money laundering fine in Canadian history, by the country’s financial regulator.
Fake applications and websites are among the most common phishing vectors for Ledger users, according to the firm’s dedicated phishing campaign page, along with fake calls, emails, and letters. The U.S. Attorney’s Office for the District of Connecticut recently recovered $600,000 worth of crypto assets that were part of a fraud scheme using fake letters purporting to be from Ledger.
A representative for Ledger did not immediately respond to Decrypt’s request for comment, and the company has not issued a public statement about the recent phishing campaign.

