According to onchain analyst Zachxbt, hackers got away with more than $768,000 after sneaking a counterfeit Ledger Live application into the Microsoft App Store. Out of the stolen stash, the attack netted over 16.8 bitcoins worth $588,000.
Hackers Steal Over $760,000 in Crypto Through Fake Ledger App on Microsoft Store
A phony Ledger Live application was added to the Microsoft App Store, according to a report from onchain analyst Zachxbt on Saturday. Ledger is a cryptocurrency hardware wallet manufacturer. Since the attack, Microsoft has removed the counterfeit software from its applications store.
“Community Alert: There is currently a fake Ledger Live app on the official Microsoft App Store which resulted in 16.8+ BTC ($588K) stolen,” Zachxbt posted to the social media platform X.
But the theft did not end there. Zachxbt reported that another victim with an ETH/BSC address lost $180,000 from the fake Ledger application. “How is this even possible?” one person asked Zachxbt. The analyst replied by saying that app companies “do not vet apps diligently.” A similar instance occurred with Trezor this year when a fake app called “Trezor Wallet Suite” appeared in the Apple App Store (Trezor does not have an iOS application).
Ledger: ‘We Certainly Do Report It, but Only Microsoft Can Take It Down and Work on Their Side’
March 2021 saw a devastating event for one individual who fell for a counterfeit Trezor application found in Apple’s App Store, resulting in the loss of his entire bitcoin savings. The culprits made off with 17.1 bitcoins. The victim expressed more fury toward Apple than the actual robbers in a statement to The Washington Post.
At the time, Apple said, “In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future.”
Microsoft, Apple, and Google’s app stores have inadvertently permitted numerous imposter apps masquerading as legitimate software. These applications are often crafted to phish for a user’s seed or login details with the intent to hijack their funds. Vigilance is key when verifying an app’s legitimacy; this includes scrutinizing for typos, mismatched icons or explanations, and the developer’s contact details.
Ledger’s support team alerted the Twitter community to the counterfeit application. “Hey Ledger users. Beware of fake Ledger Live apps published on the Microsoft Store. The only safe place to download Ledger Live is on our website. Ledger will NEVER ask you for your 24-word recovery phrase. Stay safe.” Ledger further explained that the company also alerted Microsoft as well as the community.
What do you think about the fake Ledger app that made it into the Microsoft store? Share your thoughts and opinions about this subject in the comments section below.