A malicious clone of Ledger Live bypassed Apple's App Store security checks and drained approximately $9.5 million from over 50 victims in a week-long phishing campaign running April 7-13.
A counterfeit Ledger Live application successfully infiltrated Apple's App Store, executing a coordinated theft that targeted cryptocurrency users across multiple blockchain networks.
The fraudulent app operated between April 7 and April 13, compromising at least 50 user accounts before detection. Total losses reached approximately $9.5 million across various blockchain ecosystems.
Ledger Live is the official desktop and mobile application for managing cryptocurrency stored on Ledger hardware wallets—devices designed specifically to protect digital assets. The fake version mimicked the legitimate application's interface and branding, allowing attackers to harvest user credentials and private keys through phishing techniques.
The incident represents a significant gap in Apple's App Store review process. Despite the company's claims of rigorous security vetting, the malicious application passed initial checks and remained available long enough to affect dozens of users.
Ledger has not yet provided detailed statements on the breach, though the company maintains that compromised users did not lose funds stored exclusively on Ledger hardware devices—only those who imported private keys into the fake application faced losses.
The attack highlights ongoing risks in the cryptocurrency ecosystem. Hardware wallet users typically face lower risk of theft compared to exchange-based storage, but downloading counterfeit wallet applications can expose even security-conscious investors to fraud.
Apple removed the malicious app following reports, but the incident raises questions about the company's ability to distinguish between legitimate and fraudulent financial applications. Cryptocurrency-related scams have proliferated on major app stores, with attackers frequently using visual mimicry and trusted brand names to deceive users.
Users are advised to download wallet applications only through official channels and verify developer information before installation. Hardware wallet providers including Ledger recommend downloading applications exclusively from official websites or app store links provided on their primary domains.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.