A fake Ledger Live app listed on Apple’s App Store was tied to more than $9.5 million in crypto thefts from over 50 victims between April 7 and April 13, 2026, according to blockchain investigator ZachXBT and reports published on April 14, 2026. The case matters because it did not spread through a shady download portal. It spread through a trusted storefront. That’s the part competitors touched on, but did not fully unpack: the real failure here is distribution trust, not just phishing discipline.
Last Updated: April 15, 2026, 00:40 UTC
Incident Window: April 7, 2026 to April 13, 2026, before removal from Apple’s App Store
Estimated Losses: $9.5 million+ | Known Victims: 50+
Laundering Route: 150+ KuCoin deposit addresses allegedly tied to AudiA6, per ZachXBT reporting cited April 14, 2026
Theft Total Crosses $9.5 Million in Just Seven Days
The number is ugly. More than $9.5 million gone in one week. The Block reported on April 14, 2026, at 10:05 a.m. EDT that a fraudulent Ledger Live application on Apple’s App Store was linked to roughly $9.5 million in losses across Bitcoin, Tron, Solana, Ripple and multiple EVM networks, citing ZachXBT’s investigation. Decrypt separately reported on April 14, 2026 that the fake Mac app drained more than $9.5 million from over 50 users during the April 7 to April 13 window. Cointelegraph matched the broad figures the same day, adding that Apple removed the app on April 13, 2026.
That cross-verification matters. When three outlets line up on the same core figures, and all attribute the findings to the same on-chain investigator, the baseline becomes harder to dismiss. The average loss implied by the public tally is about $190,000 per victim, based on $9.5 million divided by 50 victims. That average likely understates the skew, because the biggest wallets were hit far harder than the median user. In other words, this was not a spray-and-pray scam. It appears to have captured a mix of retail and high-value holders.
Derived Metrics Analysis
| Calculated Metric | Current Value | Reference Value | Deviation | Signal |
|---|---|---|---|---|
| Average Loss per Victim | $190,000+ | N/A | N/A | High-value targeting |
| Largest Known Single Loss Share | 34.4% | N/A | N/A | Concentrated damage |
| Address Dispersion Ratio | 3.0+ | N/A | N/A | Layered laundering path |
Methodology: Average loss per victim uses the reported $9.5 million total and 50-victim minimum. Largest known single loss share uses the reported $3.27 million USDT theft divided by $9.5 million. Address dispersion ratio uses 150+ KuCoin deposit addresses divided by 50+ victims. Data compiled from The Block, Decrypt, and Cointelegraph reports published April 14, 2026, all citing ZachXBT. Updated: 00:40 UTC, April 15, 2026.
I’ve tracked enough wallet-drain stories to know when a pattern changes. This one did. The scam’s edge was not technical novelty. It was placement inside a platform many users treat as pre-vetted. That changes user behavior. People who would never type a seed phrase into a random website may still lower their guard when the download comes from an official store listing.
Why App Store Trust Triggered Faster Losses Than a Typical Phishing Page
Here’s the mechanism. A fake app impersonating Ledger Live gets distribution through Apple’s storefront. A user installs it on a Mac. The interface looks legitimate enough to prompt wallet restoration or setup. The victim enters a 24-word recovery phrase. Funds are then drained. Ledger’s chief technology officer Charles Guillemet told Cointelegraph that Ledger never asks users for their 24-word recovery phrase and warned that users cannot assume the surrounding software environment is safe, even when it looks official.
That warning is not abstract. Cointelegraph reported one victim lost about $420,000 in Bitcoin after downloading the malicious app from Apple’s App Store and entering a seed phrase. It also listed three seven-figure losses tied to the broader incident: about $1.95 million in Bitcoin, staked Ether and Ether; about $3.23 million in USDT on April 9, 2026; and about $2 million in USDC on April 11, 2026. Decrypt reported one wallet was drained of $3.27 million in USDT, while swiped assets included Bitcoin, Solana, XRP and USDT.
Event Sequence: April 7-14, 2026
April 7, 2026: Fake Ledger Live app begins affecting victims on Apple’s App Store, according to Decrypt’s summary of ZachXBT’s investigation.
April 9, 2026: One reported victim loses about $3.23 million in USDT, per Cointelegraph’s incident breakdown.
April 11, 2026: Another reported victim loses about $2 million in USDC; musician G. Love says on X that he lost about $420,000 in BTC after downloading the fake app.
April 13, 2026: Apple removes the fake app from the App Store, according to Cointelegraph and Decrypt.
April 14, 2026: The Block, Decrypt and Cointelegraph publish reports tying the app to $9.5 million+ in thefts from 50+ victims.
What competitors mostly missed is the speed profile. Seven days. More than 50 victims. That works out to at least 7.1 victims per day and roughly $1.36 million in losses per day using the reported minimums. For a wallet-drain campaign, that’s fast. It suggests the listing had enough visibility, credibility or ranking power to keep feeding new victims before removal.
150+ KuCoin Deposit Addresses While Victim Count Stayed Near 50 Shows Structured Laundering
The laundering trail is another underplayed angle. ZachXBT said the stolen funds moved through more than 150 KuCoin deposit addresses tied to AudiA6, described as a centralized mixing service. If that figure holds, the operation used at least three deposit addresses for every known victim. That does not prove sophistication on its own, but it does suggest deliberate fragmentation designed to complicate tracing and recovery.
There is precedent for fake Ledger apps appearing in official software marketplaces. CoinDesk reported in November 2023 that a fake Ledger Live app on Microsoft’s store led to at least $590,000 in Bitcoin theft, with ZachXBT later saying the total across chains rose to roughly $770,000. Compare that with the Apple-linked case: $9.5 million versus $770,000. That is about 12.3 times larger. Same brand impersonation theme. Much bigger blast radius.
⚠️
Risk Signal: Official storefronts are not a seed-phrase safety guarantee
Ledger’s CTO said users should never enter a 24-word recovery phrase into software prompts, and Cointelegraph reported the fake app was removed only on April 13, 2026 after losses had already crossed $9.5 million. Apple has said in prior transparency and newsroom reports that it reviews millions of submissions annually and rejected more than 1.9 million apps in 2024 for security, privacy or fraud concerns. This case shows review scale does not eliminate high-impact misses.
Apple’s own public claims sharpen the contradiction. In a 2025 newsroom post, Apple said the App Store prevented more than $9 billion in fraudulent transactions and reviewed over 7.7 million submissions in 2024, rejecting more than 1.9 million for failing standards tied to security, reliability and fraud. In a 2024 post, Apple said it reviewed nearly 6.9 million submissions in 2023, or about 132,500 apps a week on average. Big numbers. Serious effort. Yet one fake wallet app still appears to have slipped through and stayed live long enough to facilitate a multimillion-dollar theft.
Can Apple and Wallet Users Rebuild Trust After a $9.5 Million Miss?
That’s the forward question. For Apple, the pressure point is review credibility. For Ledger users, it’s operational discipline. The hard rule has not changed: a recovery phrase belongs on the hardware wallet backup, not in an app prompt. Ever. But platform trust clearly altered behavior here, and that means the security lesson is broader than “users should know better.” Distribution channels shape risk. When a malicious app sits inside a trusted store, the store inherits part of the attack surface.
Data Verification: The $9.5 million total, 50+ victim count, April 7 to April 13 incident window, and 150+ KuCoin deposit addresses were all reported on April 14, 2026 by at least two of Decrypt, The Block and Cointelegraph, each citing ZachXBT. The largest known losses ranged from about $1.95 million to $3.27 million depending on asset mix and outlet-specific breakdowns. Those figures are consistent enough to establish the scale, even if final forensic totals may still move.
Frequently Asked Questions
What happened in the fake Ledger app case?
A fraudulent app impersonating Ledger Live appeared on Apple’s App Store and was linked to more than $9.5 million in crypto thefts from over 50 victims between April 7 and April 13, 2026, according to reports published April 14, 2026 by The Block, Decrypt and Cointelegraph citing ZachXBT.
How did the scam steal funds?
The app allegedly tricked users into entering their 24-word recovery phrase. Once that phrase was exposed, attackers could restore the wallet and transfer assets out. Ledger’s CTO told Cointelegraph that Ledger never asks users to enter a recovery phrase into an app.
How much did victims lose?
The reported total exceeded $9.5 million as of April 14, 2026. Publicly cited examples included losses of about $1.95 million, $2 million, $3.23 million and one wallet drained of $3.27 million in USDT. One separate victim, musician G. Love, said he lost about $420,000 in Bitcoin.
When was the fake app removed from Apple’s App Store?
Cointelegraph and Decrypt reported that Apple removed the fake app on April 13, 2026. The known victimization window cited in coverage ran from April 7 through April 13, 2026.
Were the stolen funds traceable?
Yes, at least in part. ZachXBT said the funds were laundered through more than 150 KuCoin deposit addresses allegedly tied to AudiA6. That does not guarantee recovery, but it does provide investigators with a transaction trail across multiple addresses and chains.
What is the main lesson for crypto users?
Never enter a wallet recovery phrase into any app, website or desktop prompt. Not even one downloaded from an official store. Hardware wallet recovery phrases should remain offline. If software asks for the phrase, that’s the red flag.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency involves significant risk, including the possibility of total loss. Always verify wallet software through official vendor channels and conduct your own research.
Leave a comment