Fraudulent Ledger Live App in Microsoft Store Linked to $768K Cryptocurrency Theft
The cryptocurrency community faced a significant security breach when a fake Ledger Live application, titled "Ledger Live Web3," appeared in the Microsoft App Store, leading to substantial financial losses for unsuspecting users. Notorious for mimicking the genuine interface of Ledger's hardware wallet application, this fraudulent software managed to siphon off a sizeable sum before its removal.
Cryptocurrency investigator ZachXBT first brought attention to this scam on November 5, 2023, warning users of the counterfeit application. Analysis of the transactions to the scammer's Bitcoin address (bc1q...y64q) revealed the theft of approximately 16.8 Bitcoins, amounting to around $588,000, through 38 transactions. Further scrutiny indicated an additional address associated with the scheme accumulating roughly $180,000 across the Ethereum and Binance Smart Chain networks.
Microsoft responded by removing the deceptive application following the uproar. However, questions about their app vetting process and accountability have risen, especially since it's not the inaugural instance of such a scam. Reports from victims have intensified the call for stringent app store oversight and highlighted the risks associated with downloading cryptocurrency-related applications from less stringent sources.
The activity in the scammer's wallet commenced with a transaction dated October 24, suggesting a well-orchestrated plan that escalated from November 2. The largest single transfer recorded was $81,200 on November 4. Historical data indicated that the faux "Ledger Live Web3" app was listed on Microsoft's platform as early as October 19.
This event serves as a stark reminder of the dangers lurking in seemingly secure app stores and the importance of rigorous due diligence before downloading any financial management software.