Fake Ledger Live app on Apple App Store stole $9.5M from 50+ victims in one week

Stolen funds routed through 150+ KuCoin deposit addresses tied to a centralised mixer; Apple has since removed the app

By Indexa Editorial Team·Published 14 April 2026

Briefing

A fraudulent Ledger Live application listed on the Apple App Store drained approximately $9.5 million in cryptocurrency from more than 50 victims between April 7 and April 13, according to blockchain investigator ZachXBT. Three victims each lost seven-figure sums, with the largest single loss totalling $3.23 million in USDT. The stolen assets were laundered through more than 150 KuCoin deposit addresses linked to AudiA6, a centralised mixing service. Apple has removed the application.

A fraudulent Ledger app pillaged $9.5M from App Store users in six days

A malicious clone of Ledger Live, the wallet management software produced by hardware wallet maker Ledger, was listed on Apple's App Store and used to steal roughly $9.5 million in cryptocurrency from at least 50 victims between April 7 and April 13, according to blockchain investigator ZachXBT.

The theft spanned multiple blockchains, including Bitcoin, Ethereum, Tron, Solana, Ripple, and several EVM-compatible networks. Apple removed the application after ZachXBT flagged the incidents in a Telegram post on Tuesday.

Scale and composition of losses

Three victims each suffered losses exceeding $1 million. The largest individual loss was $3.23 million in USDT; the second-largest was $2.079 million in USDC; the third involved a combined $1.95 million in assets comprising 20.64 BTC, 211 stETH, and 70 ETH. The attack follows a similar incident on April 12, in which American musician Garrett Dutton, known as G. Love, reported the loss of 5.9 BTC after entering his seed phrase into a comparable fraudulent application.

Laundering infrastructure

ZachXBT traced the stolen funds through more than 150 deposit addresses on KuCoin tied to AudiA6, which he described as a centralised mixing service that launders illicit proceeds for high fees. He also flagged a broader pattern of increasing illicit flows through KuCoin, noting a separate investigation in which he traced roughly 54 BTC, valued at approximately $3.7 million, stolen from Bitcoin Depot to KuCoin wallets.

KuCoin's regulatory standing is already under pressure. The Seychelles-based exchange paid more than $300 million in fines to the U.S. Government in January 2025 to settle Anti-Money Laundering charges. In February 2026, Austrian regulators barred the exchange from onboarding new European Union users, despite KuCoin having received its MiCA licence the previous November.

Platform liability and user guidance

ZachXBT questioned Apple's liability for hosting the fraudulent application. Ledger has previously warned that official app stores can carry malicious software impersonating its products. Ledger Chief Technology Officer Charles Guillemet stated: "Ledger will never ask for your 24 words. If anyone, or any app, is asking for your 24 words, assume something is wrong. The only protection that holds is keeping your private keys on a dedicated hardware device with a secure screen." The company directs customers to download its wallet software exclusively from its official website.

Analysis

KuCoin is now documented as laundering infrastructure for two separate high-profile crypto thefts within weeks, while already operating under a $300M AML settlement and an Austrian onboarding ban. Regulators in remaining permissive jurisdictions have a concrete, traceable pattern to act on. Any exchange that routes settlement through KuCoin, or lists KuCoin-linked tokens, faces elevated compliance scrutiny and potential de-risking by banking partners.
Apple hosting a fraudulent app that stole $9.5M in six days while it remained live on the App Store reopens the platform liability debate in a jurisdiction-specific way. The EU's Digital Markets Act and existing MiCA consumer protection provisions give European regulators a direct enforcement hook. Apple faces a credible risk of formal inquiry into its app review process for financial and crypto applications across EU member states.

Connected Events

Crypto · 2 months ago

Bitcoin Depot reports 50.9 BTC stolen from corporate wallets in security breach

Bitcoin Depot's 50.9 BTC theft, in which ZachXBT traced roughly 54 BTC in stolen funds to KuCoin wallets, is the same laundering pipeline now linked to the Ledger Live fraud. Two separate theft investigations resolved to the same exchange within days, providing regulators with a documented pattern rather than an isolated incident.

Musician Garrett Dutton's April 12 loss of 5.9 BTC to a comparable fraudulent seed-phrase app, cited directly in this report, confirms the Ledger Live fraud was not a single-vector attack but part of a coordinated campaign running across multiple fake applications simultaneously, raising the total victim count and the reputational pressure on Apple's review infrastructure.

Fake Ledger Live app on Apple App Store stole $9.5M from 50+ victims in one week

A fraudulent Ledger app pillaged $9.5M from App Store users in six days

Scale and composition of losses

Laundering infrastructure

Platform liability and user guidance

Analysis

Connected Events

Bitcoin Depot reports 50.9 BTC stolen from corporate wallets in security breach

Further reading

Related Stories

BlackRock IBIT records near-record $528M single-day outflow as Bitcoin slides below $75K

Samsung units buy $408M stake in Upbit operator Dunamu

TeraWulf acquires Kentucky site for 1 GW AI data centre buildout