A fraudulent version of the Ledger Live app distributed via Apple’s App Store drained at least $9.5 million in cryptocurrency from dozens of users in a week-long phishing campaign.
The attack, which took place between April 7 and April 13, targeted more than 50 victims across Bitcoin, Ethereum, Solana, Tron, and XRP networks.
Victims unknowingly entered their recovery phrases into the malicious app, granting attackers full control over their digital wallets.
One user, posting on X under the handle @glove, lost 5.9 BTC, representing a decade of savings. “I lost my retirement fund in a hack/scam… All my BTC gone in an instant,” the user wrote.
Blockchain investigator ZachXBT traced the stolen 5.92 BTC to KuCoin deposit addresses. The funds were funneled through a series of transactions linked to AudiA6, a centralized laundering service.
Laundering through KuCoin
Stolen assets moved through more than 150 KuCoin deposit addresses. The use of a centralized exchange for laundering is particularly notable given KuCoin's recent regulatory scrutiny.
In 2025, KuCoin paid over $300 million to U.S. authorities to settle anti-money laundering violations. More recently, Austrian regulators barred the exchange from onboarding new EU users.
Three of the largest thefts involved seven-figure losses. On April 9, attackers stole $3.23 million in USDT, followed by $2.08 million in USDC on April 11 and $1.95 million in BTC, ETH, and stETH on April 8.
Apple has since removed the fake Ledger Live app from the App Store. However, the breach of Apple's review process has led to calls for legal action.
ZachXBT suggested the incident could form the basis for a class-action lawsuit against Apple. The scale of the loss via an official marketplace remains a central point of scrutiny.
Industry-wide losses to scams and hacks reached approximately $17 billion in 2025. Social engineering and phishing remain the primary vectors for these attacks.
“I worked ten years for this,” the victim @glove wrote following the loss. “Be careful out there.”
