A fake Ledger app on the Apple App Store drained $9.5 million in crypto
A malicious Ledger Live clone slipped onto Apple’s App Store, draining millions from dozens of victims across multiple blockchains in a week-long phishing campaign.
A fake Ledger app on the Apple App Store drained $9.5 million in crypto
A malicious Ledger Live clone slipped onto Apple’s App Store, draining millions from dozens of victims across multiple blockchains in a week-long phishing campaign.
Fake Ledger app leads to million in losses (Clint Patterson/Unsplash)
What to know:
A fake Ledger Live app led to at least $9.5 million in losses across 50+ victims on Bitcoin, Ethereum, Solana, Tron and XRP between April 7–13.
Stolen funds were traced to KuCoin deposit addresses and linked to a centralized laundering service known as AudiA6.
Victims say they unknowingly entered recovery phrases into the malicious app, giving attackers full access to their wallets.
“I lost my retirement fund in a hack/scam… All my BTC gone in an instant,” he wrote.
Blockchain investigator ZachXBT later traced the stolen 5.92 BTC, showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.
Apple and KuCoin did not immediately respond to requests for comment.
$9.5 million stolen across chains
X user @glove wasn’t the only victim. The phishing campaign, active between April 7 and April 13, impacted more than 50 suspected victims across Bitcoin, Ethereum-compatible networks, Tron, Solana and XRP.
Three of the largest victims lost seven-figure sums, with $3.23 million in USDT being stolen on April 9, $2.08 million of USDC on April 11 and $1.95 million in BTC, ETH and stETH being drained on April 8.
Cases like this typically prompt victims to enter their recovery phrase on an app, giving attackers full access to their wallets.
Laundering via KuCoin and ‘AudiA6’
Stolen funds were routed through more than 150 KuCoin deposit addresses and tied to “AudiA6,” a centralized crypto mixing service known for charging high fees to obfuscate illicit flows.
The reliance on a centralized exchange as a laundering hub is notable given KuCoin’s recent regulatory troubles. The exchange was barred from onboarding new EU users by Austrian regulators in February 2026, just months after receiving a MiCA license, and previously paid over $300 million to U.S. authorities to settle anti-money laundering violations in 2025.
App Store scrutiny
Apple removed the fake Ledger Live app from the App Store, but questions remain about how it passed review and how long it was available.
The scale of losses, coupled with the fact that the app was distributed through Apple’s official marketplace, could expose the company to legal risk, with ZachXBT suggesting the incident may form the basis for a class-action lawsuit.
Rising threat
The incident highlights a persistent threat that has marred the crypto industry over the past few years. In 2025 crypto investors lost around $17 billion to hacks and scams, with social engineering and phishing tactics leading the way in terms of attack vectors.
For victims, the damage is already done.
“I worked ten years for this,” the victim wrote. “Be careful out there.”
Deutsche Börse teamed up with Kraken in December to bridge traditional and digital markets and help expedite institutional cryptocurrency adoption in Europe.
What to know:
Deutsche Börse took a $200 million stake in crypto exchange Kraken’s parent Payward Inc., equivalent to a 1.5% stake in the company.
The investment values the company at around $13.3 billion.
Kraken announced its aim to go public in November last year, but has reportedly shelved those plans due to…
