Apple Removes Fake Ledger Live App After $9.5M Crypto Loss

Key Moments

Fraudulent Ledger App Removed After Multi-Million-Dollar Losses

Apple has taken down a fake version of the Ledger Live application from its App Store after the malicious software siphoned roughly $9.5 million in crypto assets from more than 50 investors between April 7 and 13. The scale of the theft was detailed through onchain analysis conducted by blockchain investigator ZachXBT.

The company confirmed to Cointelegraph on Tuesday that it had terminated the developer account behind the fraudulent app, which was listed under the name “SAS Software Company.” According to Apple, the scheme relied on a bait-and-switch approach designed to deceive users into revealing their seed phrases, granting the attackers full control over victims’ funds.

Concentration of Losses Among a Few Large Victims

The financial impact of the scam fell disproportionately on a small number of users. Three victims alone accounted for more than $7 million in losses across various cryptocurrencies.

Smaller investors were also hit. Among them was Garrett Dutton, the American musician known as “G. Love,” who publicly revealed that he lost $420,000 in Bitcoin – reportedly his retirement savings – after downloading and using the fraudulent Ledger-branded app.

Apple’s Broader Fight Against App Store Scams

The fake Ledger Live incident highlights persistent vulnerabilities in app marketplace vetting processes. Apple noted that bait-and-switch frauds are a recurring problem on its platform. In 2024 alone, the company stated it has removed or rejected more than 17,000 applications that employed similar tactics.

Beyond that, Apple reported blocking more than 37,000 potentially fraudulent apps and rejecting 320,000 submissions categorized as spam, copycat, or otherwise misleading. These figures underscore the scale of attempts by malicious actors to exploit user trust in official app distribution channels.

The operating model used in these scams is relatively consistent: developers submit benign-looking applications that pass the initial review, then subsequently alter screenshots and descriptions to impersonate established brands such as Ledger. Apple has been dealing with this category of tactic for years, including an incident in 2013 when a fake Pokémon Yellow clone briefly appeared in the App Store.

This case also follows a similar episode in late 2023, when scammers managed to slip a counterfeit Ledger application through Microsoft’s app store review process, leading to nearly $600,000 in stolen crypto.

Risk Management for Crypto Wallet Users

The recent string of fraudulent apps reinforces a critical point for crypto holders: listing on a major app store does not, by itself, confirm legitimacy. Ledger’s genuine mobile application is named “Ledger Live” and is distributed by Ledger directly, not by unrelated third-party developers.

Users are urged to verify the official publisher name, review download numbers, and examine review histories before installing wallet applications. A safer practice is to obtain wallet software only through official links provided on the hardware manufacturer’s website.

Security practices around seed phrases remain central. Seed phrases should not be entered into mobile applications. Legitimate hardware wallet software does not request complete seed phrase input during routine usage; this information is meant solely for device recovery performed on the hardware wallet itself.