
A malicious “Ledger Live” app briefly listed on Apple’s Mac App Store has been linked to at least $9.5 million in cryptocurrency theft, affecting more than 50 victims across multiple blockchains.
The app was removed by Apple after reports surfaced, but not before significant losses were recorded between April 7 and April 13, 2026.
The incident was first brought to light by blockchain investigator ZachXBT, who traced a series of coordinated thefts spanning Bitcoin, Ethereum-compatible networks, Tron, Solana, and XRP Ledger. According to his Telegram post, attackers siphoned funds from victims who unknowingly installed the fake application masquerading as Ledger’s official wallet management software.
ZachXBT identified multiple theft addresses used in the campaign, including Bitcoin and Ethereum wallets, as well as addresses on the Tron, Solana, and XRP Ledger networks. The stolen assets were quickly funneled through over 150 KuCoin deposit addresses, which were reportedly linked to a centralized laundering operation known as “AudiA6.” This service is known for charging high fees in exchange for obscuring illicit transaction flows.

Three of the largest victims suffered seven-figure losses. On April 9, one wallet lost approximately $3.23 million in USDT, followed by a $2.07 million USDC theft on April 11. Another victim reported losses totaling $1.95 million across Bitcoin, stETH, and ETH on April 8. The speed and scale of these transactions suggest a well-automated draining mechanism embedded within the fake app, likely triggered after users entered sensitive wallet credentials or recovery phrases.
The fraudulent app was reportedly published under the developer name “Leva Heal Limited” and had been available on the App Store for only about 2 weeks. Community members on Reddit began raising alarms shortly before the takedown, noting discrepancies in the developer identity and warning that Ledger does not distribute its macOS application via the Mac App Store. One user reported narrowly avoiding losses after entering credentials but quickly transferring funds out upon suspecting foul play.

Ledger, a French hardware wallet manufacturer serving millions of users globally, distributes its official software exclusively through its website for desktop platforms. While a legitimate iOS version exists on Apple’s App Store, it is not intended for macOS use, making the presence of a Mac App Store version a clear red flag.
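The red flag described above can be checked locally, because apps installed from the Mac App Store carry a receipt at `Contents/_MASReceipt/receipt` inside the bundle. The script below is an added example, not code from the original report or from Ledger; the function name, the `*ledger*` name filter and the verdict labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: list app bundles whose name contains "ledger" and say whether
# each one carries a Mac App Store receipt. Per the article, Ledger's macOS
# software is not distributed through the Mac App Store, so a receipt on such
# a bundle warrants investigation.

# scan_ledger_bundles DIR
# Prints one tab-separated line per matching bundle: <verdict> <path>
#   SUSPECT-MAS     bundle has Contents/_MASReceipt/receipt
#   NO-MAS-RECEIPT  no App Store receipt (origin still needs verifying)
scan_ledger_bundles() {
    root=$1
    find "$root" -maxdepth 2 -type d -iname '*ledger*.app' 2>/dev/null |
    while IFS= read -r app; do
        if [ -f "$app/Contents/_MASReceipt/receipt" ]; then
            printf 'SUSPECT-MAS\t%s\n' "$app"
        else
            printf 'NO-MAS-RECEIPT\t%s\n' "$app"
        fi
        # On macOS, also show the signing team so it can be compared by hand
        # with the vendor's published identity. Skipped where codesign is absent.
        if command -v codesign >/dev/null 2>&1; then
            codesign -dv "$app" 2>&1 | grep '^TeamIdentifier=' |
                sed 's/^/    /' || true
        fi
    done
}

# Scan the usual install locations when run on a Mac.
if [ -d /Applications ]; then
    scan_ledger_bundles /Applications
    scan_ledger_bundles "$HOME/Applications"
fi
```

A `NO-MAS-RECEIPT` verdict only rules out the App Store as the source; it does not confirm that the bundle came from the vendor's website.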
The incident also draws renewed scrutiny to Apple’s App Store review process and KuCoin’s role in facilitating laundering flows. ZachXBT noted a recent uptick in illicit activity tied to KuCoin, which has faced regulatory pressure in multiple jurisdictions. The exchange was barred by Austrian regulators from onboarding new EU users in February 2026 and had previously paid over $300 million in fines to US authorities for anti-money laundering violations.






