Fake Ledger App on Apple Store Steals $9.5M in Crypto
A counterfeit Ledger Live app on Apple’s App Store drained at least $9.5 million from over 50 victims between April 7-13. Funds were laundered through 150+ KuCoin addresses and a mixing service, raising questions about Apple’s app review process and potential legal exposure.
Quick Take
Fake Ledger app on Apple’s App Store stole $9.5M from 50+ victims.
Three largest losses: $3.23M USDT, $2.08M USDC, $1.95M in BTC/ETH.
Stolen funds routed through KuCoin and “AudiA6” mixing service.
ZachXBT traces 5.92 BTC, hints at potential class-action lawsuit against Apple.
Market Impact Analysis
BearishHigh-profile theft of $9.5M, Ledger reputation damage, Apple's review failure, leading to increased fear of scams.
Speculation Analysis
Key Takeaways
- A fake Ledger Live app on Apple's App Store drained ~$9.5M from 50+ victims between April 7-13.
- Three largest losses: $3.23M USDT, $2.08M USDC, $1.95M in BTC/ETH/stETH.
- Stolen funds were laundered through 150+ KuCoin addresses and the 'AudiA6' mixing service.
- ZachXBT traced 5.92 BTC, suggests potential class-action lawsuit against Apple.
- Users should never enter recovery phrases into any app, and verify official sources.
What Happened
Between April 7 and 13, a counterfeit Ledger Live app on Apple's App Store phished over 50 crypto users, stealing approximately $9.5 million. The app appeared legitimate, passing Apple’s review process, and tricked victims into entering their recovery phrases. Once entered, attackers drained wallets across Bitcoin, Ethereum, Tron, Solana, and XRP. One victim lost 5.9 BTC — a decade of savings. Apple removed the app after discovery, but the damage was done. The incident underscores the persistent threat of phishing scams even on official app marketplaces.
The Numbers
The attack netted $9.5 million from over 50 victims. The largest single theft was $3.23 million in USDT on April 9, followed by $2.08 million in USDC on April 11, and a $1.95 million mix of BTC, ETH, and stETH on April 8. Laundering utilized 150+ KuCoin deposit addresses, with funds also sent to AudiA6, a centralized mixer. ZachXBT traced 5.92 BTC from one victim, showing rapid movement through multiple wallets.
Why It Happened
The fake app exploited user trust in Apple’s walled garden. By mimicking Ledger Live’s interface, it convinced victims to enter seed phrases—the keys to their wallets. Apple’s review process failed to catch the malicious app, allowing it to stay live for nearly a week. The attackers chose KuCoin, a centralized exchange with known regulatory lapses, to layer stolen funds. This event highlights ongoing gaps in app store security and the persistent success of social engineering in crypto.
Broader Impact
The theft raises serious questions about Apple’s liability. With victims eyeing a class-action lawsuit, the case could set a precedent for platform responsibility in crypto scams. It also spotlights KuCoin’s role as a laundering channel, despite recent fines. For Ledger, the incident erodes trust in its brand, even though the app was not official. The $17 billion lost to crypto scams in 2025 shows the industry must do more.
What to Watch Next
- Legal actions: A potential class-action lawsuit against Apple could emerge, testing its liability for app store fraud.
- Regulatory scrutiny: KuCoin’s involvement may attract further regulatory action, especially in the EU and U.S.
- Apple’s response: Watch for changes in app review policies or additional security measures for financial apps.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
