•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
A fake Mac application impersonating Ledger’s self-custody software resulted in the loss of more than $9.5 million in crypto assets from over 50 users over the course of a week, according to an investigation by pseudonymous on-chain sleuth ZachXBT.
The malicious app posed as the Ledger Live application used to manage assets held by Ledger hardware devices. ZachXBT said the campaign affected victims from April 7 until April 13, when the app was removed from the Apple App Store.
ZachXBT reported that stolen funds were laundered via 150+ KuCoin deposit addresses tied to AudiA6, a centralized mixing service that charges high fees to process illicit funds.
According to ZachXBT’s analysis, at least three victims lost more than $1.95 million apiece. One wallet was drained of $3.27 million in USDT.
The assets taken included Bitcoin, Solana, XRP, USDT, and other cryptocurrencies.
Musician G. Love—real name Garrett Dutton, frontman of the rock band G. Love & Special Sauce—was among those affected. He said he lost his retirement funds after switching his Ledger to a new computer and downloading a malicious Ledger app from the Apple App Store.
G. Love reported that his BTC was stolen “in an instant” and said he had traced the theft of 5.92 BTC, valued at around $447,000. He added that the funds were laundered via KuCoin deposit addresses in the following transactions, citing ZachXBT’s tracing work.
ZachXBT said the fake app remained available in the App Store for nearly two more days after the initial period he analyzed.
After noting that stolen funds had been traced to KuCoin, the exchange’s support team reportedly responded to the musician and indicated it had frozen a suspicious account related to the funds.
The article also notes that KuCoin has faced heightened scrutiny. Last month, it was barred from offering access to U.S. users unless it registered as a foreign board of trade. Last year, KuCoin was hit with a $14 million fine—described as the largest ever anti-money laundering penalty in Canadian history—by Canada’s financial regulator.
The content cites Ledger-focused phishing as a recurring threat, noting that fake applications and websites are among the most common phishing vectors for Ledger users, alongside fake calls, emails, and letters.
It also references a U.S. Attorney’s Office for the District of Connecticut recovery of $600,000 worth of crypto assets tied to a fraud scheme using fake letters purported to be from Ledger.
The article states that an Apple representative did not immediately respond to a request for comment. It also says a Ledger representative did not immediately respond to a request for comment and that Ledger had not issued a public statement about the campaign at the time of publication.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
