.png){kind=logo}
A fake Ledger Live app on Apple’s App Store triggered $9.5 million in losses across multiple blockchains. ZachXBT said the theft affected more than 50 victims between April 7 and April 13. Apple removed the app on April 12 after the losses mounted. The case stretched across Bitcoin, EVM, Tron, Solana, and Ripple.
On April 14, blockchain investigator ZachXBT said on Telegram that the theft affected users on several major networks. The incident ran for a week and moved quickly across different asset types.
The stolen funds came from Bitcoin, EVM chains, Tron, Solana, and Ripple. That broad reach showed that the operation did not target one token or one chain alone.
At the same time, the attack used a channel that many users trust. Instead of relying on scam links alone, the operators placed a fraudulent wallet app inside a mainstream app marketplace.
That made the setup more convincing for users who expected a safe download environment. As a result, the attack moved beyond the usual pattern of fake emails or suspicious login pages.
The case also showed how wallet phishing has changed. Attackers now place malicious tools inside spaces that users often treat as legitimate by default.
Once a user entered a recovery phrase into a fake interface, the rest of the wallet’s protections lost value. Hardware wallet security and transaction prompts could not stop the theft after the root secret was exposed.
Also Read: Forbes 30 Under 30 Honoree Arrested in $2.1 Billion GainBitcoin Fraud Case
Three victims suffered losses worth seven figures each during the theft window. The biggest losses landed on April 8, April 9, and April 11. On April 8, one victim lost $1.95 million. The compromised assets included 20.64 BTC, 211 stETH, and 70 ETH.
Then, on April 9, another victim lost $3.23 million in USDT. Two days later, a third victim lost $2.08 million in USDC.
These three cases formed the largest reported losses in the incident. Still, the total theft affected more than 50 victims, which pushed the combined losses to $9.5 million.
Apple removed the fake app from the App Store on April 12. The removal came before ZachXBT publicly detailed the case on April 14.
Even so, the theft had already run from April 7 through April 13. That timeline showed how fast a fake wallet campaign could scale before broad public attention arrived.
ZachXBT said the stolen funds moved through more than 150 KuCoin deposit addresses linked to AudiA6. He described AudiA6 as a centralized transaction mixer that obscures illicit funds for higher fees.
That laundering route stood out because it relied on centralized exchange deposit infrastructure. It did not depend on decentralized mixers or simple peel chains.
The structure suggested planning and repeatable methods. It also pointed to coordination that went beyond a one-off retail scam. The report fit into a broader pattern tied to KuCoin. AMBCrypto had earlier reported that Bitcoin Depot lost $3.66 million, and the stolen funds also moved to KuCoin deposit addresses.
The report noted that the government fined KuCoin more than $300 million in January 2025 for violating AML laws. Then, in February 2026, ZachXBT said Austria’s regulator barred KuCoin from onboarding new EU users.
Later, in late March 2026, Japan’s Financial Services Agency flagged KuCoin for operating without registration. Against that backdrop, the FBI’s Internet Crime Complaint Center recently reported $11.36 billion in crypto-related fraud losses.
Also Read: X Launches Cashtags for Real-Time Stock and Crypto Markets
The fake Ledger Live app scam led to $9.5 million in losses across several blockchains and affected more than 50 victims in one week. Apple removed the app, but the case showed how fast trusted platforms can be abused. Users need to verify wallet apps carefully and never enter recovery phrases into suspicious interfaces.
