$588K of Bitcoin Stolen as Fake Ledger Live App Infiltrates Microsoft’s App Store
A scammer has stolen $588,000 of Bitcoin by uploading a fraudulent Ledger Live app onto Microsoft’s app store.
On Saturday, cryptocurrency investigator ZachXBT posted about the fake app on X (formerly Twitter), warning people to not download the fraudulent app titled “Ledger Live Web3”. The actual Ledger Live app is a user interface for offline cryptocurrency storage on Ledger hardware wallets, and allows Ledger users to simplify balance checks, make transfers and stake certain cryptocurrencies.
The fake Ledger Live app targeted PC users and had been awarded a 4.5 score by 16 users. The scammer used similar graphics to the original Ledger Live app to deceive customers and most likely wrote fake reviews to entice unsuspecting users.
“Once bought, your crypto will immediately be sent to the safety wallet of your hardware wallet,” one of the ratings with a five star noted.
The fake app also supported NFTs, seeking to appeal to a larger base of crypto customers. The app was published on Microsoft’s store on October 20, and allowed users to install it on up to ten devices, vastly increasing the scammer’s reach.
According to Blockchain.com, approximately 16.8 Bitcoin worth $588,000 has been received by the scammer across 38 transactions with the wallet address “bc1qg-xy64q”. The scammer has also conducted three outgoing transactions, with two on October 24 totaling about $87,000 and another one yesterday totaling almost $475,000.
ZachXBT later added that an additional $180,000 had been stolen across Ethereum and BNB Smart Chain (BSC), bringing the total to $770,000, while also asserting that Microsoft “should be held liable” for allowing the fraudulent app to be uploaded to its app store.
Microsoft has removed the fake Ledger Live app from its app store, but has not commented on the incident. Ledger addressed the scam this morning on X, once again warning their customers to never share their recovery phrase or type it into any app or website, and that Ledger Live is not distributed through Microsoft Store.
This isn’t the first time a fake Ledger Live app has popped up on Microsoft’s app store. Ledger’s support account on X has previously informed users about fake Ledger Live copycat apps on two separate occasions, in December 2022 and March 2023.
Cryptocurrency hacks are becoming increasingly prevalent. Last week, hackers managed to steal $4.4 million worth of crypto from LastPass, a popular password storage manager.