In a recent high-profile cryptocurrency theft, a sum nearing $600,000 in Bitcoin (BTC) was unlawfully obtained from unwitting users who fell prey to a deceitful Ledger Live application, fraudulently presented on Microsoft’s app store. This revelation has been brought to light through the diligent efforts of cryptocurrency sleuth ZachXBT, as detailed in a recent post on the platform X.
ZachXBT, a vigilant on-chain analyst, detected the counterfeit application, dubbed “Ledger Live Web3,” on November 5th. The deceptive app dupes users into believing they are acquiring the legitimate “Ledger Live,” the interface Ledger designed for its hardware wallets, which enable secure offline storage of cryptocurrencies.
According to Blockchain.com, the scammer successfully siphoned off approximately 16.8 BTC, equivalent to $588,000, spread across 38 separate transactions utilizing the wallet address “bc1q….y64q.” However, a portion of the ill-gotten gains, totaling $115,200, has been transferred out in two transactions, leaving the perpetrator with a balance of $473,800 or 13.5 BTC.
Ledger Scam Unearths Microsoft’s Security Gaps
In a subsequent update, ZachXBT indicated that Microsoft may have removed the fraudulent Live app from its platform. The initial payment to the scammer’s wallet address occurred on October 24th, amounting to $5,210. Before this transaction, the wallet had remained dormant. Notably, most of the illicit transactions occurred after November 2nd, with the largest single transfer tallying $81,200 on November 4th.
ZachXBT said that two distressed victims contacted them on the 4th of November, both asserting that Microsoft ought to shoulder the responsibility for allowing the counterfeit application to infiltrate its app store, a sentiment echoed by others in the cryptocurrency community.
This is not the first time a counterfeit app has infiltrated Microsoft’s app store. In December and March, Ledger’s support account on social media platform X (formerly Twitter) alerted users to a bogus app.
Currently, Ledger has refrained from issuing an official statement regarding this latest scam. Nevertheless, the company has consistently advised its users that the “only safe place” to download Ledger Live is from its official website. Users are strongly encouraged to exercise extreme caution and vigilance when maneuvering through the treacherous terrain of the cryptocurrency realm.