Fake Ledger App Steals Millions in Bitcoin, Crypto From Holders—Including Musician G. Love

In brief A fake Ledger Live application in the Mac App Store swiped crypto from more than 50 users, according to analysis from ZachXBT. More than $9.5 million in crypto funds like Bitcoin, Solana, and XRP were stolen in total, the blockchain sleuth said. Musician G. Love was among the victims, losing more than $400,000 in Bitcoin to the scheme. A fake Mac app impersonating Ledger’s self-custody software led to the loss of more than $9.5 million in crypto assets from over 50 total users in the last week, according to a new investigation from pseudonymous on-chain sleuth, ZachXBT . The application, which pretended to be the Ledger Live app from which users can manage assets held by Ledger hardware devices, impacted victims from April 7 until April 13, when it was removed from the Apple App Store. “Stolen funds were laundered via 150+ KuCoin deposit addresses tied to AudiA6, a centralized mixing service that charges high fees to launder illicit funds,” ZachXBT posted in a message to his Telegram channel.  According to his analysis, at least three victims lost more than $1.95 million apiece, with one wallet being drained of $3.27 million USDT. Swiped assets included Bitcoin , Solana , XRP , USDT , and others. Musician G. Love—aka Garrett Dutton, frontman of the long-running rock band G. Love & Special Sauce—was among the victims impacted by the fake app, losing 5.92 BTC valued around $447,000. He shared his story on X over the weekend. “I had a really tough day today. I lost my retirement fund in a hack/scam when I switched my Ledger over to my new computer and by accident downloaded a malicious Ledger app from the Apple Store,” he posted on X on April 11 . “All my BTC gone in an instant.” Hi I traced out your 5.92 BTC stolen and it was all laundered via @kucoincom deposit addresses in the following transactions: 6f5c8eb6b01774626f33527e0cb03c0d1860447acacd6079e69bf41b459bcf1f 9ee1288f941b2c3775ebd125eefeebdc713aa160bf2cf9d18661fd07f84ce891… — ZachXBT (@zachxbt) April 12, 2026 The fake app would remain in the App Store for nearly two more days, according to ZachXBT’s analysis. A representative for Apple did not immediately respond to Decrypt’s request for comment. Upon noting that the stolen funds had been traced to KuCoin, the exchange’s support team responded to the musician, indicating that they had frozen a suspicious account related to the funds. “Please note that while we may assist [in] freezing the suspicious account upon receipt of relevant information or a credible complaint, such actions are still subject to due legal documents and processes to ensure compliance,” it posted on X . The exchange has reportedly been dealing with an increase in illicit activity on its platform, according to ZachXBT. Last month, it was barred from offering access to U.S. users unless it registered as a foreign board of trade. Last year, KuCoin was hit with a $14 million fine , the largest ever anti-money laundering fine in Canadian history, by the nation’s financial regulator. Fake applications and websites are among the most common phishing vectors for Ledger users, according to the firm’s dedicated phishing campaign page, along with fake calls, emails, and letters.The U.S. Attorney's Office for the District of Connecticut recently recovered $600,000 worth of crypto assets that had been part of a fraud scheme using fake letters purported to be from Ledger. A representative for Ledger did not immediately respond to Decrypt’s request for comment and it has not issued a public statement about the recent phishing campaign. Daily Debrief Newsletter Start every day with the top news stories right now, plus original features, a podcast, videos and more. Your Email Get it! Get it!