FAKE LEDGER APP ON APP STORE STEALS $9.5M
AI DESK
TUE, APR 14, 2026■ AI-SUMMARIZED FROM 4 SOURCES
A malicious clone of Ledger Live bypassed Apple's App Store security checks and drained approximately $9.5 million from over 50 victims in a week-long phishing campaign running April 7-13.
A counterfeit Ledger Live application successfully infiltrated Apple's App Store, executing a coordinated theft that targeted cryptocurrency users across multiple blockchain networks.
The fraudulent app operated between April 7 and April 13, compromising at least 50 user accounts before detection. Total losses reached approximately $9.5 million across various blockchain ecosystems.
Ledger Live is the official desktop and mobile application for managing cryptocurrency stored on Ledger hardware wallets—devices designed specifically to protect digital assets. The fake version mimicked the legitimate application's interface and branding, allowing attackers to harvest user credentials and private keys through phishing techniques.
The incident exposes a significant gap in Apple's App Store review process. Despite the company's claims of rigorous security vetting, the malicious application passed initial checks and remained available long enough to affect dozens of users.
Ledger has not yet provided detailed statements on the breach, though the company maintains that compromised users did not lose funds stored exclusively on Ledger hardware devices—only those who imported private keys into the fake application faced losses.
The attack highlights ongoing risks in the cryptocurrency ecosystem. Hardware wallet users typically face lower risk of theft compared to exchange-based storage, but downloading counterfeit wallet applications can expose even security-conscious investors to fraud.
Apple removed the malicious app following reports, but the incident raises questions about the company's ability to distinguish between legitimate and fraudulent financial applications. Cryptocurrency-related scams have proliferated on major app stores, with attackers frequently using visual mimicry and trusted brand names to deceive users.
Users are advised to download wallet applications only through official channels and verify developer information before installation. Hardware wallet providers including Ledger recommend downloading applications exclusively from official websites or app store links provided on their primary domains.