An investigation by ZachXBT reveals a fraudulent Ledger Live app on the Apple App Store resulted in approximately $9.5 million in crypto thefts from over 50 victims. The stolen funds were allegedly laundered via a KuCoin-linked mixer. ZachXBT also raises questions about Apple's liability and highlights the vulnerability of users to malicious apps.
A Fake Ledger Live app on Apple’s store is tied to $9.5 million in crypto theft s, as ZachXBT links over 50 victims’ funds to a KuCoin-linked mixer and questions Apple’s liability.
Onchain investigator ZachXBT said a fake Ledger Live app listed on Apple’s App Store was tied to about $9.5 million in crypto stolen from more than 50 suspected victims between April 7 and 13., ZachXBT said the alleged thefts affected users across Bitcoin, Solana, Tron, XRP Ledger and Ethereum Virtual Machine -compatible networks.
He claimed the stolen funds were laundered through over 150 KuCoin deposit addresses allegedly tied to AudiA6, which he described as a centralized mixing service. ZachXBT said the fake app was removed by Apple on April 13 and identified three seven-figure losses among the largest known cases.
He said one victim lost about $1.95 million in Bitcoin license. He also questioned whether the incident presented grounds for a class action against Apple.
Key details, including the total losses, victim count and laundering route, remain based on ZachXBT’s findings and had not been confirmed by Apple or KuCoin at publication. Cointelegraph asked both companies for comment but had not received a response by publication.
Ledger chief technology officer Charles Guillemet said in a statement to Cointelegraph that the company never asks users for their 24-word recovery phrase and warned that“You cannot trust the software environment around you – not your browser, not your app store, not your desktop,” Guillemet said, adding that attackers “operate wherever the opportunity exists,” including official distribution platforms.
The latest incident follows a smaller but similar case reported on Monday. Musician Garrett Dutton, also known as “G. Love,” said heafter downloading a malicious app impersonating Ledger Live from Apple’s App Store and entering his seed phrase.
ZachXBT said the stolen assets were sent to deposit addresses associated with KuCoin.
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy
Crypto Theft Ledger Live Apple App Store Kucoin Zachxbt
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Musician loses $420K Bitcoin ‘retirement fund’ via fake Ledger appThe most recent news about crypto industry at Cointelegraph. Latest news about bitcoin, ethereum, blockchain, mining, cryptocurrency prices and more
Read more »
Fact check: Is Apple erasing Lebanese towns from Maps app?Several posts said that Apple had removed Lebanese village names as Israel intensified military operations in the region.
Read more »
Users Are Upset With The Newest Update For Apple TV's Netflix AppJosé is a tech journalist with ten years of experience covering Apple, AI, mobile innovation, and major industry shifts. He currently reports for BGR.com, where he writes daily stories about product launches, software updates, and the cultural impact of consumer technology.
Read more »
Popular Musician Loses Life Savings Through Malicious Crypto Wallet in Apple’s App StoreThe theft apparently combined a counterfeit app with a critical mistake by the musician.
Read more »
Your life savings could be gone in one click: How a fake crypto app bypassed Apple's securityA malicious Ledger Live clone slipped onto Apple’s App Store, draining millions from dozens of victims across multiple blockchains in a week-long phishing campaign.
Read more »
XRP Ledger adds zero-knowledge proofs targeting institutional privacy gapThe Boundless integration enables private transaction execution on XRPL while maintaining compliance, addressing what the company calls the 'transparency tax' that has held back institutional adoption of public blockchains.
Read more »