- Nearly $10 million in crypto was stolen from fake Ledger app downloads on the App Store, an investigation shows.
- Apple removed the app this week.
- Apple told DL News that it works hard to fight malicious apps.
Apple has defended its record on tackling dodgy apps on its store after an investigation this week showed hackers stole nearly $10 million in crypto via a fake Ledger crypto wallet.
Blockchain sleuth ZachXBT on Tuesday said he’d found that $9.5 million in Bitcoin, Solana, Tron, and other cryptocurrencies had been stolen in April after users downloaded a malicious app.
A spokesperson for Apple told DL News that the company removed the app due to its bait-and-switch functionality and that the developer’s account had been suspended.
In 2024, Apple rejected over 320,000 app submissions that were found to be spam or copying other apps, and took action to prevent over 37,000 potentially fraudulent products from reaching users on the App Store, said the spokesperson.
Popular crypto wallet Ledger did not immediately respond to questions from DL News.
High-profile case
The case first got attention at the weekend after American singer G. Love posted on X that he had lost 5.9 Bitcoins — worth over $436,293 at today’s prices — after downloading the app.
“I had a really tough day today I lost my retirement fund in a hack/scam when I switched my Ledger over to my new computer and by accident downloaded a malicious Ledger app from the Apple store,” he wrote. “All my BTC gone in an instant.”
G. Love, the frontman of G. Love & Special Sauce, said that he was “tricked” into putting his seed phrase into the app after downloading it.
“I been in the crypto circus since 2017. Today they caught me off guard,” he added.
Neither G. Love nor his management responded to questions from DL News.
The theft
The theft saw crypto stolen from over 50 suspected victims between April 7 to 13, according to ZachXBT’s investigation.
Funds were then moved from crypto exchange KuCoin addresses and laundered through a centralised mixer called AudiA6, he noted.
The biggest losses came from three victims who lost a combined total of $7.25 million — mostly in the form of USDC and USDT, the investigator said.
Dodgy apps
Cybercriminals have been using fake apps and ads for years to steal crypto.
In 2023, ZachXBT flagged that over half a million dollars in Bitcoin had been lost after users downloaded a fake Ledger crypto wallet app from the Microsoft App Store.
The rich and famous people aren’t immune to scams, either.
The same year, billionaire Shark Tank host and Dallas Mavericks owner Mark Cuban lost nearly $900,000 in crypto after accidentally downloading a fake version of crypto wallet MetaMask that popped up in the form of an advert on Google.
Cuban only realised he’d been targeted after DL News contacted him to flag the attack.
Mathew Di Salvo is a news correspondent with DL News. Got a tip? Email at mdisalvo@dlnews.com.
