How Did the Ledger Live Scam Unfold?
A fraudulent Ledger Live application listed on the Apple App Store has been linked to approximately $9.5 million in stolen cryptocurrency, affecting more than 50 victims across multiple blockchains. The incident, flagged by blockchain investigator ZachXBT, took place between April 7 and April 13.
The attack targeted users across Bitcoin, Ethereum-compatible networks, Tron, Solana, and Ripple, indicating a broad operational scope rather than a single-chain exploit. Apple has since removed the malicious application from the App Store following the discovery.
The largest individual losses reached seven figures. Three victims alone lost $3.23 million in USDT, $2.079 million in USDC, and $1.95 million in combined assets including bitcoin, ether, and staked ether.
Where Did the Stolen Funds Go?
According to the investigation, the stolen assets were routed through more than 150 KuCoin deposit addresses linked to AudiA6, described as a centralized mixing service used to obscure transaction trails.
This routing structure suggests a coordinated laundering process designed to fragment and redistribute funds quickly across multiple addresses, reducing traceability. ZachXBT also pointed to a broader pattern of illicit flows moving through KuCoin-linked wallets over the past year.
In a separate case, the investigator traced around 54 BTC, valued at roughly $3.7 million, stolen from Bitcoin Depot to wallets associated with the same exchange.
Why Do App Store Attacks Keep Succeeding?
The incident is part of a recurring pattern involving impersonation apps hosted on official app stores. Despite platform review processes, malicious applications continue to bypass controls and exploit user trust in verified distribution channels.
On April 12, musician Garrett Dutton reported losing 5.9 BTC after entering his recovery phrase into a similar fraudulent application, highlighting how social engineering remains central to these attacks.
Ledger has repeatedly warned that official app stores can host malicious copies of its software. The company advises users to download wallet applications only from its official website and to avoid entering recovery phrases into any app or online interface.
“Ledger will never ask for your 24 words,” Ledger Chief Technology Officer Charles Guillemet said. “If anyone, or any app, is asking for your 24 words, assume something is wrong. The only protection that holds is keeping your private keys on a dedicated hardware device with a secure screen, like a Ledger signer, and never entering your seed phrase into any app or website. Your 24 words are your wallet.”
What Are the Regulatory and Market Implications?
The laundering of funds through KuCoin-linked addresses comes as the exchange faces increased regulatory scrutiny. The platform previously paid more than $300 million in fines to US authorities in January 2025 to resolve anti-money laundering violations.
More recently, Austrian regulators blocked the exchange from onboarding new European Union users despite its MiCA authorization, adding to operational pressure in key jurisdictions.
The combination of security breaches and regulatory challenges reinforces ongoing concerns around exchange oversight, compliance controls, and the role of centralized platforms in facilitating or intercepting illicit activity.
