Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
Fake Ledger Live app on Apple App Store stole $9.5M in crypto from 50 victims.
Summary
A malicious Ledger Live application was distributed through Apple's App Store under the publisher name 'Leva Heal Limited,' tricking users into entering their seed phrases and draining approximately $9.5 million in cryptocurrency across Bitcoin, Ethereum, Tron, Solana, and Ripple. The attackers laundered stolen funds through over 150 deposit addresses on KuCoin via a mixing service called 'AudiA6.' Apple removed the fake app after multiple reports, but not before 50 users suffered significant losses; KuCoin froze associated accounts pending law enforcement requests.
Full text
By Bill Toulas, April 14, 2026, 12:37 PM
A malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month.
Users who downloaded the fake Ledger app were tricked into entering their seed/recovery phrases, thus giving attackers full access to their wallets and allowing them to send digital assets to external addresses under their control.
According to blockchain investigator ZachXBT, the attackers used several wallet addresses to receive funds across multiple chains, including Bitcoin, Ethereum, Tron, Solana, and Ripple. The stolen amounts were then laundered through more than 150 deposit addresses on KuCoin, linked to a centralized mixing service called “AudiA6,” which launders crypto in exchange for high fees.
[Figure: Malicious transactions. Source: ZachXBT]
The investigator tracked three individual victims losing seven-figure amounts ($3.23 million, $2.08 million, and $1.95 million) between April 8 and April 11. Musician G. Love stated on X that he also lost 5.9 BTC (currently $430k) after downloading the app. This loss was also traced and confirmed by ZachXBT.
According to a Reddit discussion, the fake app was submitted to the Apple App Store under the publisher name ‘Leva Heal Limited,’ an account not associated with the real Ledger development team. The malicious actor also created a fake version history by releasing major new versions every few days, going from 1.0 to 5.0 within just two weeks.
[Figure: Details of the fake Ledger app. Source: Reddit]
Following multiple user reports, Apple has now removed the fake app from the App Store, but not before 50 users lost a total of $9.5 million.
BleepingComputer has reached out to Apple for a comment, but we have not received a response yet.
Meanwhile, KuCoin, which has been accused of violating anti-money laundering laws in the past and was even ordered to pay $300 million in penalties in the U.S. last year, announced that it has frozen the accounts involved in the latest scheme. However, the platform noted that the freeze will only last until April 20. Beyond that date, the freeze can be extended via an official request from law enforcement authorities.
It is important to note that Ledger offers a Mac app on its website, but not in the Apple App Store, where only an iOS-compatible version is available. Threat actors have attempted to exploit this availability gap in the past, even targeting the Microsoft Store in 2023, stealing $768,000 worth of cryptocurrency.
Indicators of Compromise
- malware — Fake Ledger Live (macOS)