Counterfeit Ledger App Scams Crypto Users Out of Over $760K on Microsoft App Store

According to onchain expert Zachxbt, hackers got distant with much than $768,000 aft sneaking a counterfeit Ledger Live exertion into the Microsoft App Store. Out of the stolen stash, the onslaught netted implicit 16.8 bitcoins worthy $588,000.

Hackers Steal Over $760,000 successful Crypto Through Fake Ledger App connected Microsoft Store

A phony Ledger Live exertion was added to the Microsoft App Store, according to a report from onchain expert Zachxbt connected Saturday. Ledger is simply a cryptocurrency hardware wallet manufacturer. Since the attack, Microsoft has removed the counterfeit bundle from its applications store.

“Community Alert: There is presently a fake Ledger Live app connected the authoritative Microsoft App Store which resulted successful 16.8+ BTC ($588K) stolen,” Zachxbt posted to the societal media level X.

But the theft did not extremity there. Zachxbt reported that different unfortunate with an ETH/BSC code mislaid $180,000 from the fake Ledger application. “How is this adjacent possible?” 1 idiosyncratic asked Zachxbt. The expert replied by saying that app companies “do not vet apps diligently.” A akin lawsuit occurred with Trezor this twelvemonth erstwhile a fake app called “Trezor Wallet Suite” appeared successful the Apple App Store (Trezor does not person an iOS application).

Ledger: ‘We Certainly Do Report It, but Only Microsoft Can Take It Down and Work connected Their Side’

March 2021 saw a devastating lawsuit for 1 idiosyncratic who fell for a counterfeit Trezor exertion recovered successful Apple’s App Store, resulting successful the nonaccomplishment of his full bitcoin savings. The culprits made disconnected with 17.1 bitcoins. The unfortunate expressed much fury toward Apple than the existent robbers successful a statement to The Washington Post.

At the time, Apple said, “In the constricted instances erstwhile criminals defraud our users, we instrumentality swift enactment against these actors arsenic good arsenic to forestall akin violations successful the future.”

Microsoft, Apple, and Google’s app stores person inadvertently permitted galore imposter apps masquerading arsenic morganatic software. These applications are often crafted to phish for a user’s effect oregon login details with the intent to hijack their funds. Vigilance is cardinal erstwhile verifying an app’s legitimacy; this includes scrutinizing for typos, mismatched icons oregon explanations, and the developer’s interaction details.

Ledger’s enactment squad alerted the Twitter assemblage to the counterfeit application. “Hey Ledger users. Beware of fake Ledger Live apps published connected the Microsoft Store. The lone harmless spot to download Ledger Live is connected our website. Ledger volition NEVER inquire you for your 24-word betterment phrase. Stay safe.” Ledger further explained that the institution besides alerted Microsoft arsenic good arsenic the community.

What bash you deliberation astir the fake Ledger app that made it into the Microsoft store? Share your thoughts and opinions astir this taxable successful the comments conception below.