Fake Ledger App on Apple App Store Drains Over $400,000 in Bitcoin

A fake Ledger app on Apple’s Mac App Store cost musician G. Love nearly 6 BTC after he entered his recovery phrase into the malicious software. The stolen Bitcoin was worth more than $424,000.

In an April 11 X post, Garrett Dutton, the singer known as G. Love, explained the loss while he was moving his Ledger setup to a new Apple computer.

Bitcoin Theft Highlights Risks of Fake Wallet Apps

He explained that the incident occurred after he searched the App Store for Ledger Live, downloaded an app that looked authentic, and followed its prompts. The app then asked for his 24-word seed phrase. As soon as he entered it, the attackers drained the Bitcoin.

Dutton said the stolen funds were part of his retirement savings.

“I lost 5.9 BTC all I had for ten years I worked on this f#ck be careful out there,” he stated.

On-chain investigator ZachXBT said the stolen 5.92 BTC were routed through addresses identified as KuCoin deposit addresses.

When asked whether the funds could be recovered, ZachXBT said he did not expect KuCoin to intervene.

Instead, the on-chain investigator accused KuCoin of presenting itself as compliant only when it suited its interests. He also pointed to KuCoin’s loss of its MiCA license in February 2026, just three months after obtaining it, as evidence of deeper compliance problems.

ZachXBT continued, noting that illicit services continue to exploit broker and personal accounts on the platform, with little visible regulatory resistance. He added that the large number of deposit addresses suggested the thieves may have routed the funds through an instant exchange.

Meanwhile, Beau, head of security at Pudgy Penguins, warned crypto users never to enter a hardware wallet seed phrase on an internet-connected device such as a laptop or phone.

He said scammers often distribute fake wallet apps through email, deceptive advertisements, and even physical mail. The security expert added that users should treat any message urging them to download or update wallet software as a scam until they independently verify it.