Jamal Al-Farouq Onchain investigator Zachxbt has revealed that a deceptive Ledger Live application was uploaded to the Microsoft App Store, which has subsequently resulted in the theft of over $768,000 from unsuspecting users. Notably, this sum included the equivalent of 16.8 bitcoins valued at approximately $588,000.
Over $760,000 in Cryptocurrency Pilfered via Counterfeit Ledger App on Microsoft Platform
Zachxbt’s recent disclosure has brought to light the infiltration of a fraudulent Ledger Live application onto the Microsoft App Store. This application impersonated the official software of Ledger, a widely recognized company in the realm of cryptocurrency hardware wallets. Since this discovery, the fake app has been excised from the Microsoft App Store.
On a social media platform referred to as X, Zachxbt issued a “Community Alert” warning about the sham Ledger Live app responsible for the theft of over 16.8 bitcoins totaling around $588K. The losses extended beyond Bitcoin, as it was found that an individual with an ETH/BSC address had been scammed out of $180,000 due to the malicious application. Questions arose regarding the feasibility of such an occurrence, to which Zachxbt responded that application stores often fail to exercise thorough scrutiny over the apps they host. This was not an isolated incident, as highlighted by the appearance of a spurious app named “Trezor Wallet Suite” in the Apple App Store earlier in the year, despite the fact that Trezor does not offer an iOS app.
A Defrauded User and Ledger’s Response to the Scam
In a comparable episode in March 2021, an individual was deceived by a fake Trezor app available on the Apple App Store, resulting in the loss of his entire bitcoin holdings amounting to 17.1 bitcoins. The victim’s resentment was directed more towards Apple for allowing the app’s presence rather than the thieves themselves, according to his interview with The Washington Post.
When such fraudulent activities come to light, companies like Apple claim to act decisively against the perpetrators and to implement measures to prevent future occurrences. Unfortunately, the app stores of major players like Microsoft, Apple, and Google have occasionally allowed the proliferation of imposter apps pretending to be genuine, thereby risking user security. These rogue apps are typically designed to phish for sensitive information such as seed phrases or login credentials, with the aim of draining users’ crypto wallets. Users are advised to remain alert and scrutinize applications carefully for any signs of illegitimacy, including spelling errors, inconsistencies in icons or descriptions, and verifying the provided developer contact information.
Ledger’s customer service representatives took to Twitter to caution users about the fraudulent app on the Microsoft Store. They advised that the official Ledger Live app should only be downloaded from Ledger’s website and reiterated that the company never asks for the 24-word recovery phrase, which is critical for safeguarding user assets. Ledger has not only informed its user base but also notified Microsoft regarding the counterfeit software.
The infiltration of the counterfeit Ledger app into the Microsoft store has sparked discussions and concern. We invite you to share your views and insights on this matter in the comment section below.
Table Of Contents
Frequently Asked Questions (FAQs) about counterfeit Ledger Live app
What was the recent scam involving a Ledger application on the Microsoft App Store?
A fraudulent application mimicking Ledger Live was illicitly uploaded to the Microsoft App Store, leading to the theft of more than $768,000 from users. This application was designed to look like the genuine interface used by Ledger, a prominent cryptocurrency hardware wallet producer. It tricked users into entering sensitive information, resulting in substantial financial losses.
How much cryptocurrency was stolen through the fake Ledger app?
Hackers managed to steal over $768,000 in various cryptocurrencies. Specifically, they obtained over 16.8 bitcoins, which at the time were worth approximately $588,000, along with an additional $180,000 stolen from a user with an ETH/BSC address through the counterfeit application.
How do fake applications manage to appear on official app stores?
Fake applications can sometimes bypass the security measures of official app stores due to insufficient vetting processes. These apps often appear legitimate and can deceive users into downloading them. They are designed to phish for users’ private information, such as seed phrases or login credentials, to gain unauthorized access to cryptocurrency funds.
What should users do to ensure the legitimacy of an application before downloading?
Users should always exercise caution and conduct due diligence before downloading any application, especially those related to financial management or cryptocurrencies. Verifying the app’s legitimacy includes checking for any spelling mistakes, inconsistencies in app icons or descriptions, and confirming the developer’s contact details. It is safest to download apps from official sources or directly from the service provider’s website.
What has Ledger’s response been to the counterfeit app scam?
Ledger’s support team actively informed the community about the counterfeit Ledger Live app via Twitter, emphasizing that the only secure source to download the genuine Ledger Live application is directly from Ledger’s official website. They also reminded users that Ledger will never ask for their 24-word recovery phrase, which is integral for securing their assets. Ledger reported the issue to Microsoft to have the fake app removed and to prevent further incidents.
More about counterfeit Ledger Live app
- Zachxbt’s Twitter Alert
- Ledger Official Website
- The Washington Post Interview on Crypto Scams
- Microsoft App Store Security
- Apple’s Response to App Store Scams
- Google Play Store Developer Contact Guidelines
5 comments
it’s things like this that put people off crypto, the security should be top-notch on platforms like the microsoft store, what are they doing over there.
Saw zachxbt’s tweet on this, it’s scary to think you could lose all your investment just like that! Ledger’s doing good warning people, but the stores gotta step up.
read the article, this is why i’m paranoid about downloading any crypto related apps these days, too many horror stories, everyone should double-check the sources i guess.
just read about the scam, can’t believe these things still happen, how can Microsoft not catch this stuff? They need better checks, like seriously.
no way i’d fall for that but then again i triple check everything, my friend wasn’t so lucky a while back, lost a few eth to a fake app, people be careful out there.