A fraudulent application on the App Store at the heart of a massive cryptocurrency theft
A fake Ledger Live application that made its way onto the App Store enabled the theft of nearly 9.5 million dollars in cryptocurrencies in a few days. The attackers behind this operation targeted dozens of users across several major blockchains, exploiting their trust with a counterfeit version of the app. The case highlights the rise of sophisticated fraud and is a reminder that even official digital environments can hide threats.

In Brief
- A fake Ledger Live app on the App Store enabled the theft of about 9.5 million dollars in cryptocurrencies.
- More than 50 victims were affected across several major blockchains, with individual losses reaching several million dollars.
- Stolen funds were routed to more than 150 addresses linked to KuCoin and passed through a mixer, which complicates tracing them.
- Ledger reminds users never to blindly trust software environments, even official ones.
A fake Ledger Live infiltrates the App Store and steals 9.5 million dollars
A fake Ledger Live application, which managed to sneak onto Apple’s App Store, allowed nearly 9.5 million dollars in cryptocurrencies to be stolen in less than a week. In a message published on Telegram on Tuesday, on-chain investigator ZachXBT states that the scam affected more than fifty victims between April 7 and 13.
The operation hit multiple leading networks, notably Bitcoin, Ethereum, Solana, Tron, and the XRP Ledger. The damage is particularly heavy for some victims: three of them account for more than 7 million dollars in losses. The on-chain investigator notably cites the theft of 3.23 million dollars in USDT and about 2 million in USDC, as well as the loss of 1.95 million dollars' worth of staked assets (BTC, ETH).
Apple removed the fraudulent application on April 13 after it was identified. According to information shared by ZachXBT, the stolen funds were redirected to more than 150 addresses linked to the KuCoin exchange platform. These flows reportedly passed through a service described as a centralized mixer, making them harder to track. This comes amid a rise in illicit activity recently observed on the platform, according to the on-chain investigator.
Charles Guillemet warns about security and recalls the risks related to software environments
Charles Guillemet, Chief Technology Officer of Ledger, restates essential security rules amid a resurgence of cryptocurrency fraud. In a statement given to Cointelegraph, he specifies that the company never asks users for the 24-word recovery phrase. He particularly insists on one key point:
You cannot trust the software environment around you—not your browser, nor your app store, nor your computer—because attackers operate wherever the opportunity arises.
Charles Guillemet
He thus emphasizes that even tools that seem official or secure can be compromised. Users must therefore remain permanently vigilant against threats capable of infiltrating every level of the digital ecosystem.
In short, this case illustrates a persistent reality in the crypto ecosystem: even the most reputable exchange platforms are not immune to malicious infiltration. This type of incident is a reminder that security depends above all on individual vigilance. In an environment where threats evolve rapidly, it is essential to adopt strict practices, such as protecting your recovery phrase and systematically checking sources, to limit the risk of compromise.