Nearly $600,000 in Bitcoin (BTC) has been stolen from users who downloaded the fake Ledger Live app from the Microsoft App Store. according to Cryptocurrency Detective ZachXBT.
On-chain analysts discovered a scam called “Ledger Live Web3” on November 5, which tricked users into thinking they were downloading “Ledger Live” – the Ledger hardware wallet’s user interface for offline storage of cryptocurrency.
The scammer received approximately 16.8 BTC worth $588,000 in 38 transactions using the wallet address “bc1q….y64q” according to Go to Blockchain.com. Through two transactions, approximately $115,200 has been drained from the scammer’s wallet, leaving $473,800 or 13.5 BTC.
Community Alert: There are currently fake products @Ledger Official live streaming app @Microsoft App Store leads to 16.8+ BTC ($588,000) stolen
scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn— ZachXBT (@zachxbt) November 5, 2023
In a follow-up post, ZachXBT famous Microsoft may have removed the fake Ledger Live app from its platform.
The first transaction was sent to the scammer’s wallet address on October 24 and was worth $5,210. Prior to this, the wallet had never been used. Most of these transactions occurred after November 2, with the largest transfer occurring on November 4, amounting to $81,200.
Cointelegraph’s search found that the fake “Ledger Live Web3” application appeared in Microsoft’s App Store as early as October 19.
ZachXBT said they received two messages from victims on November 4, and even argued that Microsoft “should be held responsible for allowing fake Ledger Live apps to appear in its app store.”
Sadly, I received two messages from victims today. It seems like another person lost funds within the last few minutes. pic.twitter.com/yYPbizltN5
— ZachXBT (@zachxbt) November 5, 2023
related: Ledger hardware wallet launches cloud-based private key recovery tool
This isn’t the first time a fake Ledger Live app has made its way into Microsoft’s App Store.
Ledger’s support account on X (formerly Twitter) notified its users of a fake Ledger Live app on two separate occasions in December and March.
Hey #ledger user
Beware of Fake Ledger Live Apps Posted on Microsoft Store
The only safe place to download Ledger Live is our websitehttps://t.co/cDLX1rEWPf
Ledger will never ask you for a 24-word recovery phrase ❌
be safe pic.twitter.com/0dXTJ7FeuO
— Ledger Support (@Ledger_Support) December 26, 2022
Ledger has yet to comment on the scam, but has previously reiterated to users that the “only safe place” to download Ledger Live is its website, ledger.com.
Cointelegraph reached out to Microsoft for comment but did not receive an immediate response.
Magazine: ‘Account Abstraction’ Enhances Ethereum Wallets: A Dummies’ Guide
Svlook
