Onchain investigator ZachXBT reported that a fraudulent Ledger Live application listed on Apple App Store was responsible for roughly $9.5 million in stolen cryptocurrency between April 7 and April 13. According to findings shared in a Telegram post, more than 50 suspected victims were affected across multiple blockchain networks, including Bitcoin, Ethereum, Solana, Tron, and XRP Ledger.
The stolen funds were reportedly routed through more than 150 deposit addresses linked to KuCoin, allegedly tied to a centralized mixing service known as AudiA6. The fake application was removed from the platform on April 13 after the thefts were identified.
Largest Victim Losses and Ongoing Investigation
Among the most significant cases, one victim reportedly lost about $1.95 million in Bitcoin, Ether, and staked Ether. Another lost $3.23 million in USDT on April 9, while a third saw approximately $2 million in USDC stolen on April 11. These figures remain based on ZachXBT’s investigation and have not yet been officially confirmed by Apple or KuCoin.
Security Warnings Highlight Seed Phrase Risks
Ledger’s chief technology officer, Charles Guillemet, emphasized that users should never enter their 24-word recovery phrase into any application. He warned that even official-looking software environments, including major app stores, can host malicious tools if attackers exploit distribution channels.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.
Leave a Reply