Nearly $600,000 worth of Bitcoin has been stolen from users who downloaded a fake Ledger Live app from Microsoft’s app store. Cryptocurrency investigator ZachXBT uncovered this scam, which emerged as “Ledger Live Web3” on November 5. The app masquerades as the legitimate “Ledger Live” application used for managing Ledger hardware wallets, which store cryptocurrencies securely offline.
Reports reveal that the scammer received roughly 16.8 BTC, equivalent to $588,000, across 38 transactions. The bad actor used the wallet address “bc1q….y64q,” as documented on Blockchain.com. While approximately $115,200 has exited the scammer’s wallet through two transactions, $473,800, or 13.5 BTC, remains in it.
Who’s Responsible?
A subsequent update from ZachXBT suggests that Microsoft may have removed the fake Ledger Live app from its platform.
The initial transaction sent to the scammer’s wallet address occurred on October 24, amounting to $5,210, after which the wallet remained inactive. Most illicit transactions have transpired since November 2, with the largest single transfer totaling $81,200 on November 4.
ZachXBT noted that he received two messages from victims on November 4 and said that Microsoft “should be held liable” for allowing the fake Ledger Live app to be available in its app store.
Regrettably, this is not the first occurrence of a fraudulent Ledger Live app infiltrating Microsoft’s app store. Ledger’s support account on Twitter informed users about such counterfeit apps twice in the past, in December and March.
For the sake of security, Ledger has emphasized to its users that the “only safe place” to download Ledger Live is its official website, ledger.com.