An on-chain investigation by researcher ZachXBT alleges that more than $9.5 million in cryptocurrency was stolen in a one-week span through a counterfeit “Ledger Live” app listed on Apple’s App Store, with proceeds routed through over 150 KuCoin deposit addresses. The analysis also indicates more than 50 victims were affected.
Alleged Theft via Fake Ledger Live App
According to ZachXBT’s public posts, attackers distributed a fraudulent version of Ledger Live—the companion application for Ledger hardware wallets—via Apple’s App Store. Victims who downloaded the impostor app and interacted with it reportedly had funds drained from their wallets. The investigator estimates losses exceeding $9.5 million within a single week and cites more than 50 impacted users.
Ledger manufactures hardware wallets designed to keep private keys offline; Ledger Live is the official software interface used to manage assets and initiate transactions. Imposter applications that mimic trusted wallet brands have been a recurring attack vector across major app marketplaces.
Funds Traced to KuCoin Deposit Addresses
ZachXBT stated that the stolen funds were funneled through a network of more than 150 deposit addresses associated with the cryptocurrency exchange KuCoin. The activity, as described, suggests the attackers attempted to consolidate or launder proceeds through exchange accounts after siphoning assets from victims.
The investigator’s posts also referenced musician G. Love as among those affected. Further details about individual victim losses were not independently verified at press time.
Growing Risk From Imposter Wallet Apps
Scams leveraging fake wallet or exchange apps continue to target retail users by exploiting brand trust and search visibility in official app stores. These schemes often prompt users to enter seed phrases or sign malicious transactions, enabling attackers to seize control of funds.
Users can reduce risk by:
- Installing wallet software only via links on the manufacturer’s official website.
- Verifying the developer/publisher name and app reviews before downloading.
- Never entering a wallet’s seed phrase into a mobile or desktop app that requests it unexpectedly.
- Testing with small amounts first and confirming transaction details before signing.
What’s Next
The allegations highlight ongoing challenges for app store screening and exchange compliance teams amid persistent crypto-targeted fraud. As of publication, no official statements from Apple, Ledger, or KuCoin regarding the specific claims had been cited by the investigator. This story will be updated if additional confirmations or responses become available.