A fraudulent version of the Ledger Live application on the Apple App Store led to the theft of approximately $9.5 million in cryptocurrency, according to blockchain investigator ZachXBT.
The theft targeted more than 50 victims across various blockchains, including Bitcoin, Solana, Tron, Ripple, and multiple EVM networks. The drain occurred between April 7 and April 13, 2026.
Three of the largest victims suffered seven-figure losses: $3.23 million in USDT, $2.079 million in USDC, and a combined $1.95 million in assets including Bitcoin, stETH, and ETH.
Funds routed through centralized mixer
ZachXBT traced the stolen assets through more than 150 KuCoin deposit addresses linked to AudiA6, a centralized mixing service used to launder illicit proceeds. The investigator noted that KuCoin has experienced an increase in illicit flows over the past year.
This incident follows a similar attack on April 12, in which musician G. Love lost 5.9 BTC after entering his recovery phrase into a fraudulent application.
Ledger executives warned users that official app stores can host malicious software designed to steal funds. Ledger Chief Technology Officer Charles Guillemet stated that the company will never ask for a user's 24-word recovery phrase.
"If anyone, or any app, is asking for your 24 words, assume something is wrong," Guillemet said in a statement. He urged customers to download software only from the official Ledger website.
Apple has since removed the malicious application from the App Store.