Fake Ledger Live app drained $9.5M, laundered via KuCoin
A fake Ledger Live app on Apple’s App Store drained about $9.5 million from more than 50 users between April 7 and 13 and routed funds through 150+ KuCoin deposit addresses tied to AudiA6.
Onchain investigator ZachXBT reported that a cloned Ledger Live app listed on Apple’s App Store collected users’ recovery phrases and drained roughly $9.5 million from over 50 suspected victims between April 7 and April 13. The thefts affected wallets on Bitcoin, Solana, Tron, the XRP Ledger and Ethereum Virtual Machine–compatible networks. Apple removed the app from the App Store on April 13.
The investigator identified attacker-controlled wallets that consolidated stolen assets and deposited funds into more than 150 KuCoin deposit addresses. ZachXBT linked those addresses to AudiA6, which he described as a centralized mixing service used to obscure transaction paths.
ZachXBT flagged multiple large single-account losses during the weeklong campaign. The investigator identified three seven-figure cases: about $1.95 million moved across Bitcoin, staked Ether and Ether; roughly $3.23 million in USDt on April 9; and about $2 million in USDC on April 11. Musician Garrett Dutton, also known as G. Love, reported losing about $420,000 in Bitcoin after downloading the malicious app and entering his seed phrase.
Ledger’s chief technology officer, Charles Guillemet, reiterated that the company never asks for a 24-word recovery phrase and warned users to treat software environments with caution. “You cannot trust the software environment around you — not your browser, not your app store, not your desktop,” Guillemet said, adding that attackers operate where opportunities appear, including on official distribution platforms.
The investigator noted a recent uptick in illicit activity routed through KuCoin and pointed out that the exchange was barred from onboarding new European Union users in February, shortly after receiving a Markets in Crypto Assets Regulation license. Key details of the case, including the total loss figure, victim count and the precise laundering route, are based on ZachXBT’s onchain analysis and had not been independently confirmed by Apple or KuCoin at the time of reporting.
Ledger reiterated standard wallet security guidance urging users never to enter recovery phrases into apps or web pages. Security recommendations include verifying the identity of app developers, downloading software only from links provided on official vendor websites, and using hardware wallet features that keep seed phrases offline.