Key Takeaways:
- A fake Ledger Live app on Apple’s App Store stole $9.5 million from over 50 users in just one week.
- Victims lost funds after entering their secret 24-word recovery phrase into the fake app.
- Stolen crypto was moved through KuCoin exchange-linked addresses, raising concerns about platform security and oversight.
A fake version of the Ledger Live app listed on Apple’s App Store stole around $9.5 million from over 50 victims between 7 and 13 April 2026, before Apple removed it.
Ledger Live is the official software for managing assets stored on Ledger hardware crypto wallets — physical devices that keep crypto offline. Blockchain investigator ZachXBT exposed the scam in a Telegram post on 14 April 2026.

A week-long phishing campaign
When victims downloaded the fraudulent app, it prompted them to enter their 24-word seed phrase, a master recovery code that gives complete and irreversible access to a crypto wallet. With that phrase in hand, attackers immediately drained the accounts.
ZachXBT’s analysis of blockchain transaction data identified three victims who each lost over $1 million:
- $3.23 million in Tether’s USDt (USDT), a stablecoin pegged to the US dollar, on 9 April
- $2.079 million in USDC (USDC), another dollar-pegged stablecoin, on 11 April
- $1.95 million in Bitcoin (BTC), Ether (ETH), and stETH (staked Ether, a token that earns rewards) on 8 April
Musician Garrett Dutton, known as G. Love, was also among the victims, losing 5.92 BTC.
Ledger chief technology officer Charles Guillemet reportedly stressed that Ledger never requests a 24-word recovery phrase. He warned that attackers target any platform where users can be reached, including official app stores.
A core principle to remember.
Ledger will never
– Contact you via DM or phone for support
– Ask you to download Ledger Wallet from anywhere other than https://t.co/QOyFme7ufI
– Ask for your 24 word Secret Recovery Phrase (SRP)
– Ask you to enter it online or take a photo of it…
— Ledger (@Ledger) April 13, 2026
Stolen funds routed through KuCoin
ZachXBT traced the stolen assets to more than 150 crypto deposit addresses on KuCoin, a Seychelles-based cryptocurrency exchange. These addresses were all linked to a crypto-mixing service called AudiA6, which reportedly charges high fees. A crypto mixer is a tool designed to hide the origin of funds by blending various transactions.
The findings bring renewed attention to KuCoin’s regulatory history. In January 2025, KuCoin paid nearly $300 million in fines to the US government after pleading guilty to operating as an unlicensed money transmitter and failing to meet the required Anti-Money Laundering (AML) standards.
C) Want to explain to the community why Kucoin allowed a threat actor to launder $9.5M+ tied to a fake Ledger app via 150+ Kucoin deposit addresses over the past week?
A few days before that another threat actor laundered $3.5M+ from the Bitcoin Depot incident via 25+ Kucoin…
— ZachXBT (@zachxbt) April 14, 2026
Then, in February 2026, Austrian regulators banned KuCoin from signing up new European Union (EU) users, just three months after the exchange secured its Markets in Crypto-Assets (MiCA) license, a regulatory permit required to operate legally as a crypto platform in European markets.
Apple faces liability questions
The incident has raised serious questions about how a fraudulent app cleared Apple’s review and stayed active for about one week. ZachXBT suggested the scale of losses may present grounds for a class-action lawsuit (a legal case filed by a group of affected users) against Apple. Neither Apple nor KuCoin had issued a public response as of writing.
Fake Ledger app sat in Apple's walled garden for a week.
Drained 9.5M.
This is what trusting gatekeepers gets you.
Self-custody means verify every layer. Big Tech won't do it for you.
— ₿ Didi Taihuttu ₿ ALLIN💥 (@Diditaihuttu) April 14, 2026
Phishing, in which scammers impersonate trusted brands to steal sensitive user information, remains a leading cause of crypto theft. Blockchain security firm Hacken reported $306 million in phishing-related losses in the first quarter of 2026 alone, contributing to a total of $482 million lost to hacks and fraud during that period.