The fake Ledger app had the same branding and the same interface as the real one, with even some experienced cryptocurrency users unable to differentiate between them.
Cryptocurrency commentator Scott Melker said one of his friends lost nearly $450,000 worth of Bitcoin after using a fake Ledger app from Apple’s App Store.
According to him, musician Garrett Dutton, also known as G. Love, lost 5.92 Bitcoin that he had since 2017 as part of a long-term safety net.
G. Love loses approximately 6 BTC to a scam application
Melker posted the incident on social media. Saying The theft occurred after Dutton unknowingly downloaded a fake wallet app, since it was difficult to distinguish from the real one because it had the same branding and the same familiar interface. Even Melker himself couldn’t tell the difference between the two after looking at them.
“For lack of a better word, this has been manipulated,” he wrote. “If you can’t confidently identify the official app within a place that’s supposed to be regulated and trusted, then something is fundamentally broken.”
Dutton was asked to enter the initial 24-word phrase once the app was installed, which then captured it, according to Milker, and allowed the criminals behind the scheme to recreate the wallet and steal the musician’s bitcoin.
However, on-chain investigator ZachXBT tracked down the stolen cryptocurrency, Saying It was laundered through KuCoin and deposited via nine different addresses.
Exchange then It has been marked transactions, tasked the anti-money laundering team to trace the funds and temporarily frozen the accounts identified by ZachXBT for seven days.
Lessons learned from loss
Milker described He described the incident as devastating but an important example that others can learn from.
You may also like:
He explained that the first problem was downloading the application without verifying it through official sources, noting that people should get used to confirming cryptocurrency-related applications on company websites or verified channels.
Another important thing he emphasizes is key phrases. In his opinion, the recovery phrase should only be entered directly into the device or stored offline. This is because placing it on a phone, computer, app or website creates the risk of someone else accessing the environment if the environment is compromised.
Additionally, users must assume full responsibility at all times when using a self-custodial wallet. This is because access is not protected by recovery systems under these circumstances.
Melker concluded by saying that hardware wallets are often thought to be secure, but the environment in which they are used may make them less secure.
“If there’s anything to take away from this, it’s to slow down and check everything,” he said. “Treat every interaction with your keys as if they are irreversible – because they are.”
This is not the first time criminals have tried to steal cryptocurrencies from Ledger users. Earlier in the year, a data breach at one of the wallet maker’s e-commerce partners, Global-e, exposed customer information, which attackers used to compromise. sends Phishing emails claiming a merger between Ledger and Trezor.
Free Binance $600 (CryptoPotato Exclusive): Use this link To register a new account and get an exclusive welcome offer of $600 on Binance (Full details).
Limited offer for Bybit’s CryptoPotato readers: Use this link To register and open a free position worth $500 on any currency!
