Apple Pulls Fake Ledger App After $9.5M Theft
Apple has removed a fake Ledger Live app from the Mac App Store after blockchain investigator ZachXBT linked it to about $9.5 million in crypto theft from more than 50 suspected victims between April 7 and April 13. The stolen assets included Bitcoin, Ethereum-based tokens, Solana, Tron and XRP Ledger assets, making it one of the bigger wallet-impersonation scams to slip into an official app marketplace.
The case cuts against one of Apple’s main App Store claims: that its review process makes users safer than open software channels. In this case, the fake app appears to have stayed up long enough to catch dozens of victims before Apple took it down.
The app copied Ledger’s branding and asked for seed phrases
The fake software posed as Ledger Live, the companion app used with Ledger hardware wallets. Victims were prompted to enter their recovery phrases, giving the attackers direct access to the wallets tied to those words. Ledger says users should never enter a 24-word recovery phrase anywhere other than directly on their device and has long warned that fake Ledger wallet apps are one of the most common scams aimed at its users.
That detail matters because Ledger does not distribute its official Mac app through the Mac App Store. MacRumors reported that the real Ledger app is distributed through Ledger’s website, while the fake version used an Apple store listing to look legitimate enough for victims to trust it.
The losses spread quickly across multiple chains
ZachXBT said the stolen funds were laundered through more than 150 KuCoin deposit addresses allegedly tied to AudiA6, which he described as a centralised mixing service. He also identified three seven-figure losses among the known victims, including one wallet that lost about $3.23 million in USDT and others that lost roughly $2 million and $1.95 million in crypto assets.
One of the publicly identified victims was musician Garrett Dutton, known as G. Love, who said he lost nearly 6 BTC, worth about $424,000, after downloading the fake app while moving his Ledger setup to a new Apple computer. His case drew wider attention to the scam before the full scale of the losses became clear.
The takedown leaves harder questions for Apple
Apple has removed the fake app, but it has not explained how the software passed review or how long it was available before action was taken. MacRumors said the app may have been live for about two weeks, leaving open the possibility that more victims could still emerge as investigators continue tracing wallets.
For crypto users, the lesson is familiar but still costly. A hardware wallet cannot protect funds if the recovery phrase is handed to a fake app. For Apple, this is a reminder that trust in an app store depends on the review process behind it, especially when a counterfeit wallet can drain millions before it is removed.