Apple removes fake Ledger app that stole $9.5M from crypto investors

8 hours ago

Apple has confirmed it took down a malicious app

Apple removes fake Ledger app that stole .5M from crypto investors

Apple removes fake Ledger app that stole $9.5M from crypto investors

Apple has confirmed it took down a malicious app that impersonated the Ledger self-custody crypto wallet after an onchain analysis found that more than 50 victims fell for the scam, losing a combined $9.5 million.

Apple told Cointelegraph on Tuesday that the fake Ledger Live app was removed and that the developer, “SAS Software Company,” was terminated from the Apple App Store.

Apple said the developer used a “bait-and-switch strategy” to trick users into installing a fake Ledger Live app and sharing their seed phrases.

Bait-and-switch violations on the Apple App Store are not uncommon, with Apple saying that in 2024, it removed or rejected more than 17,000 apps for engaging in such tactics.

The company also rejected more than 320,000 app submissions flagged as spam, copycat or misleading and blocked more than 37,000 potentially fraudulent apps from reaching users.

Two reviews and fake feature updates for the counterfeit Ledger Live app before it was removed from the Apple App Store. Source: Archive.ph

In the past, bait-and-switch scammers on the Apple App Store have obtained approval through legitimate means before uploading fake screenshots or altering descriptions to mimic another well-known app.

Apple has been fighting these scams since at least 2013. In February of that year, scammers placed a clone of Nintendo’s Pokémon Yellow game in the Apple App Store and sold copies before users complained and it was taken down.

The incidents highlight the critical need for investors to self-verify crypto apps on third-party platforms as scammers become increasingly sophisticated with their strategies.

Blockchain sleuth ZachXBT found on Monday that more than 50 crypto investors fell victim to the fake Ledger app scam between April 7 and 13, resulting in about $9.5 million in losses.

The losses were largely concentrated among three investors — with one losing $3.23 million in USDt (USDT), another $2 million in USDC (USDC) and a third losing $1.95 million worth of Bitcoin (BTC), Ether (ETH) and staked Ether.

Related: Hong Kong retiree loses $840K in triple ‘crypto expert’ scam

Another victim was Garrett Dutton, an American musician better known as “G. Love,” who revealed that he lost $420,000 worth of Bitcoin from the scam.

In late 2023, scammers also bypassed Microsoft’s listing review process for its app store, leading to nearly $600,000 worth of crypto stolen.

Magazine: Asia Express: Phantom Bitcoin checks, China tracks tax on blockchain