Fake Ledger Live App on Apple App Store Drains $9.5 Million in Crypto
AI-generated from multiple sources. Verify before acting on this reporting.
SAN FRANCISCO — A counterfeit version of the Ledger Live cryptocurrency wallet application distributed through Apple's App Store has drained approximately $9.5 million from at least 50 victims in a matter of days. The malicious software, which mimics the legitimate application used by Ledger hardware wallet owners, was available for download globally on macOS devices before being removed.
The incident, which came to light on April 14, 2026, marks a significant breach of trust in the digital asset security ecosystem. The fake app was designed to appear identical to the official Ledger Live software, which allows users to manage their crypto assets securely. Once installed, the malicious version reportedly intercepted private keys or transaction authorizations, allowing attackers to transfer funds from the victims' wallets to addresses controlled by the perpetrators.
Ledger, the French cybersecurity firm behind the popular hardware wallets, has confirmed the existence of the fraudulent application. The company stated that the app was not developed or authorized by them. Apple, which operates the App Store, has since removed the application following the discovery of the thefts. The timing of the removal remains unclear, but the damage was already done within a short window of availability.
Victims reported losing access to their digital assets after connecting their Ledger hardware wallets to the compromised software. The attack targeted users who downloaded the app believing it to be the official wallet manager or an official update to it. The speed of the thefts suggests a coordinated effort by the malicious actors to maximize gains before detection.
Cybersecurity experts warn that this incident highlights the ongoing risks associated with downloading software from third-party app stores, even those with strict vetting processes. The sophistication of the fake app indicates a high level of technical skill and planning by the attackers. The use of a trusted platform like the Apple App Store to distribute malware undermines user confidence in the security measures of major technology companies.
The identity of the individuals or groups behind the attack remains unknown. Law enforcement agencies have not yet announced any arrests or identified suspects. The cryptocurrency addresses used to receive the stolen funds are being tracked by blockchain analysis firms, but the anonymity of digital currencies makes tracing the perpetrators challenging.
Ledger has advised users to verify the authenticity of the Ledger Live application before downloading or updating it. The company recommends downloading the software only from official sources and checking the developer name and app details carefully. Apple has not issued a public statement regarding the incident beyond the removal of the app.
As the investigation continues, the focus remains on recovering the stolen funds and preventing similar attacks in the future. The incident serves as a stark reminder of the vulnerabilities that exist in the digital asset space and the importance of vigilance among users and platform providers alike.