- Musician lost 5.92 BTC after downloading fake Ledger app
- Scam app appeared directly on Apple’s Mac App Store
- Funds traced to exchange wallets with little recovery hope
This one hits differently because it wasn’t some obscure phishing link or shady website. It was Apple’s App Store. Musician G. Love lost 5.92 BTC, essentially his retirement fund, after downloading what looked like a legitimate Ledger Live app on a new MacBook. Everything checked out on the surface, branding, interface, even the name.
Then it asked for his 24-word seed phrase. He entered it, and just like that, it was over. No hack, no exploit, just a fake app sitting in a place people are trained to trust.
The Attack Was Simple, Not Sophisticated
What makes this more unsettling is how basic the attack was. The app didn’t need advanced code or vulnerabilities, it just needed to look real enough. And apparently, it did.
Ledger has always made it clear that its official app isn’t distributed through app stores like this. But that warning doesn’t help much if users never see it, especially when the fake version is right there in a trusted marketplace. It’s a simple trap, but it works because of where it lives.
The Bitcoin Is Likely Gone
Blockchain investigator ZachXBT tracked the stolen funds through nine transactions, eventually linking them to KuCoin deposit addresses. That’s usually where the trail starts to fade, especially if the exchange doesn’t intervene quickly.
And in this case, expectations are low. Recovery isn’t impossible in crypto, but it’s rare, especially once funds move through multiple hops. The speed and structure of the transfers suggest this was planned, not opportunistic.
Apple’s Silence Raises Questions
What’s also drawing attention is Apple’s response, or lack of one. There hasn’t been any public statement addressing the fake app, the theft, or claims that attempts to document the issue were suppressed.
That silence matters. App stores are supposed to act as a filter, a layer of trust. When something like this slips through, and there’s no immediate response, it raises bigger concerns about how these platforms handle risk.
This Isn’t the First Time
Similar incidents have happened before. Microsoft’s store saw a nearly identical scam in 2023, which drained hundreds of thousands of dollars before being taken down. Different platform, same outcome, fake app, real losses.
The pattern is becoming clearer. Centralized app stores aren’t immune to crypto scams, and in some cases, they might even make them more effective by giving them a sense of legitimacy.
Crypto Security Still Comes Down to One Rule
At the end of the day, this comes back to a rule that’s been repeated for years, never share your seed phrase. Not for setup, not for recovery, not for anything. Once it’s entered into the wrong place, there’s no undo button.
It’s a harsh lesson, and in this case, an expensive one. But it also highlights something bigger, even trusted platforms can’t always be trusted fully. And in crypto, that assumption can cost everything.
