A $10 million crypto theft traced to a fake app exposes the risk of trusting official app stores

Over 50 people lost nearly $9.5 million in cryptocurrency after downloading a fake Ledger wallet app from the Apple App Store, believing it to be legitimate. The app, which Apple has since removed, used bait-and-switch tactics to trick users into entering their private seed phrases—handing hackers full access to their wallets. The largest losses came from three victims who lost $7.25 million, mostly in USDC and USDT, with stolen funds funneled through KuCoin and laundered via a centralized mixer called AudiA6. Among the victims was musician G. Love, who lost 5.9 Bitcoin—over $436,293 at current prices—after migrating to a new computer and downloading what he thought was the official Ledger app. He later admitted to being tricked into entering his seed phrase, despite having used crypto since 2017. Apple said it suspended the developer’s account and rejected over 320,000 app submissions in 2024 for spam or imitation, while blocking more than 37,000 potentially fraudulent products from reaching users. The breach mirrors earlier incidents: in 2023, a fake Ledger app on Microsoft’s store stole over $500,000, and billionaire Mark Cuban lost nearly $900,000 after clicking a counterfeit MetaMask ad on Google. Over 50 people lost nearly $9.5 million in cryptocurrency after downloading a fake Ledger wallet app from the Apple App Store, believing it to be legitimate.