Ledger wallet holders lose $800k to fake app

A fraudulent crypto wallet application on the Microsoft store has swindled users out of $768,000 in Bitcoin and Ethereum.

On Nov. 5, crypto investigator ZachXBT issued a warning via the X platform (formerly Twitter) about the fraudulent application named Ledger Live Web3. The application deceived users by imitating the original Ledger Live app.

The official Ledger Live is a user interface app that allows hardware wallet users to store their crypto assets offline.

Community Alert: There is currently a fake Live app on the official App Store which was resulted in 16.8+ BTC ($588K) stolenScammer addressbc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q — ZachXBT (@zachxbt)

On-chain data revealed that the fraudsters behind the fake app had accumulated approximately 16,800 BTC, valued at around $588,000, through 38 transactions to the wallet address beginning with “bc1q…y64q”.

The initial theft was recorded on Oct. 24, 2023, with an estimated $87,600 being transferred to the scammer’s address.

Ledger, known for its self-custody crypto wallet solutions, offers a range of wallets, including the Ledger Nano S Plus, Ledger Nano X, and Ledger Stax, catering to varying user requirements. Despite the company’s reputation, the scammers have exploited the brand’s credibility.

At the time of reporting, a small portion of the stolen funds, about $115,760, has been moved from the scammer’s Bitcoin address, which still holds over 13.5 BTC, equivalent to roughly $476,012.

ZachXBT’s further investigations uncovered that the scammer also received close to $180,000 through an ETH/BSC address linked to the fake Ledger app, bringing the estimated theft to $768,000.

Update: Received an ETH/BSC address from a victim that has collected ~$180K in funds from the fake app.0x089Ecf0703B8E85183F29725f87da40AE488b7B9This brings the total amount stolen to $768K+— ZachXBT (@zachxbt)

Following the exposure, Microsoft appears to have removed the fraudulent application from their store. The dedicated page for the app on Microsoft’s website has been rendered inaccessible.

This incident is not an isolated case, with Ledger’s support team on the X platform having previously issued warnings about fake applications on two occasions within a year.

🚨 Hey usersBeware of fake Ledger Live apps published on the Microsoft Store👀The only safe place to download Ledger Live is on our website👇Ledger will NEVER ask you for your 24-word recovery phrase ❌Stay safe 🙏

— Ledger Support (@Ledger_Support)

Crypto scam trends declined in October

October saw the crypto sector witnessing its least amount of theft for the year 2023, as reported by CertiK. The month recorded 38 incidents encompassing hacks, exploits, and scams, leading to a combined loss of $32.2 million.

Compared to the cumulative 10-month loss of $1.4 billion, October’s figures represent a significant decrease, amounting to just about 25% of the average monthly losses observed throughout the year.

Despite the decrease in theft and scams, the recent Ledger app scam is a stark reminder of the persistent security risks within the crypto space, urging users to remain vigilant even in seemingly secure environments.

Read More

2023-11-06 12:59