More than $9.5 million in cryptocurrency assets were stolen from over 50 users due to a fraudulent Mac app that masqueraded as Ledger’s official software, according to ZachXBT, an anonymous blockchain investigator. The scam occurred between April 7 and April 13 before the counterfeit application was removed from the Apple App Store.
ZachXBT reported on his Telegram channel that the illicitly obtained funds were funneled through over 150 KuCoin deposit addresses linked to AudiA6, a high-fee centralized mixing service used for laundering money. His analysis revealed that three victims suffered losses exceeding $1.95 million each, with one account losing $3.27 million in USDT. Stolen cryptocurrencies included Bitcoin, Solana, XRP, and more.
Garrett Dutton, known as G. Love from the band G. Love & Special Sauce, also fell victim to this scam. He lost 5.92 BTC, worth approximately $447,000, after accidentally downloading a malicious app while transferring his Ledger to a new computer. On April 11, he shared his ordeal on X, expressing how his retirement savings were wiped out in an instant.
ZachXBT traced G. Love’s stolen BTC and, in a tweet on April 12, revealed that it had been laundered through KuCoin deposits. The fraudulent app stayed on the App Store for almost two additional days before removal, according to ZachXBT’s findings. Apple did not immediately respond to Decrypt’s request for comment.
Upon discovering that the stolen funds were linked to KuCoin, the exchange’s support team communicated with G. Love, stating they had frozen a suspicious account after receiving relevant information and following due legal processes.
KuCoin has faced challenges with increasing illicit activities on its platform. Previously, it was restricted from serving U.S. users unless registered as a foreign board of trade, and it incurred a $14 million fine from Canadian regulators last year, the largest anti-money laundering penalty in the country’s history.
Ledger warns that fake applications and websites are prevalent phishing threats for their users, along with fraudulent calls, emails, and letters. The U.S. Attorney’s Office for the District of Connecticut recently recovered $600,000 in cryptocurrency tied to a scam involving counterfeit Ledger correspondence.
A representative from Ledger did not immediately respond to Decrypt’s inquiry regarding this phishing attack, nor has the company publicly addressed the incident.