Fake Ledger Live App Steals $588,000 from Users

Ledger wallet users have suffered loss to the tune of $588,000 due to a fake Ledger Live App. blockchain security firm ZachXBT announced this in a tweet on 5 November.

The fake app named “Ledger Live web3” was reportedly found on the official Microsoft App Store. The loss amounts to roughly 16.8 BTC in value, stolen from Ledger users who have already downloaded the fake wallet interface.

According to ZachXBT, the Ledger Live web3 app appeared for the third time on Microsoft store in mid October. However,  the first transaction to the scammer’s wallet address bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q occurred on 24 October, the amount being $5,210.

The number of transactions have increased rapidly in November though, hitting its peak at $81,200 on November 4. Blockchain.com revealed that the wallet address has received the stolen funds in 38 transactions.

Ledger is a leading crypto security company that creates and sells hardware wallets. Hardware wallets are known to be the most secure form of wallets for crypto investors. This is because the funds are mostly offline since the wallet is a cold wallet, making it more difficult for scammers to reach.

Apparently, users can still lose funds if they don’t get the web interface from the correct place, which according to Ledger is their official website only. 

ZachXBT said that $115,200 of the stolen funds have been moved in two transactions, leaving only $473,800 or 13.5 BTC. Unfortunately, another victim lost another $180,000 to an ETH/BSC wallet address 0x089Ecf0703B8E85183F29725f87da40AE488b7B9, bringing the total of stolen funds to $768,000.

A Long-term Plan

This is the first time there’s any report of stolen funds by scammers using the Ledger Live web3 app. However, this is not the first time that the app has been reported. It first appeared in Microsoft official store in December 2022 and March 2023

In response to the initial appearance of the app, Ledger Support posted on X that it was only safe to download the Ledger Live App on the Ledger website. Ledger further warned users at the time, stating that “Ledger will NEVER ask you for your 24-word recovery phrase.”

Interestingly, such warnings are always stressed by all crypto wallet providers, but somehow investors always end up as victims of scams, especially new ones. According to Ledger, scam apps always request for 24-word recovery phrases, which is always a red flag.

Crypto Scams on the Increase

Crypto scams have been around since the inception of crypto in 2009, but it has also been on the increase as the industry continues to grow. Scammers are also building more sophisticated means of defrauding investors, which calls for caution.

As of June, crypto investors had already lost $54 million to crypto scams and rugpulls according to a report by CoinDesk.

To avoid being a victim of such scams, investors should heed the warning that wallet companies give every time – do not give out your recovery phrase to anyone for any reason.

Also as stated by Ledger, only download the Ledger Live app from the official Ledger website and nowhere else. That way, you may have a chance at holding the company responsible should such a loss happen.

As it is, the investors who lost funds have a near-zero chance of recovering part or even the full amounts the scammer stole.

Leave a Reply

Your email address will not be published. Required fields are marked *