In a recent incident, nearly $600,000 worth of Bitcoin (BTC) was stolen from unsuspecting users who downloaded a fraudulent Ledger Live application from Microsoft’s app store. The fraudulent app, named “Ledger Live Web3,” duped users into believing they were downloading the legitimate “Ledger Live” interface, which is designed for Ledger hardware wallets used to securely store cryptocurrency offline.
Cryptocurrency sleuth ZachXBT uncovered the scam in November promptly alerting the community to the malicious app. It managed to deceive users into downloading it, resulting in the theft of approximately 16.8 BTC, valued at $588,000. These ill-gotten gains were acquired through 38 transactions using the wallet address “bc1q….y64q,” as per data obtained from Blockchain.com. About $115,200 was subsequently transferred out of the scammer’s wallet through two transactions, leaving them with a balance of $473,800 or 13.5 BTC.
Microsoft’s App Store security raises concerns about Live App scam
The first transaction made to the scammer’s wallet occurred on October 24th, amounting to $5,210. Before this, the wallet had remained dormant. Most of the fraudulent transactions took place after November 2nd, with the largest single transfer being a staggering $81,200 on November 4th.
ZachXBT, who brought the scam to light, received messages from victims on November 4th and raised concerns about Microsoft’s role in allowing the fake Ledger Live app to appear in its app store. Some argue that Microsoft should be held liable for not providing adequate safeguards against such fraudulent apps. It is worth noting that this is not the first time a fake Ledger Live app has infiltrated Microsoft’s app store, as similar incidents occurred in December and March, prompting warnings from Ledger’s support account on social media.
While Ledger has not yet commented on this specific scam, the company has consistently emphasized to its users that the “only safe place” to download the legitimate Ledger Live application is from its official website, ledger.com. This highlights the importance of verifying the source of cryptocurrency-related applications and exercising caution while downloading from third-party platforms.
Although not officially confirmed, there are indications that Microsoft may have removed the fake Ledger Live app from its platform following reports of the scam. However, questions remain about the level of scrutiny and security measures applied by Microsoft to prevent such incidents from occurring in the first place.
