Musician Garrett Dutton, professionally known as G. Love, lost approximately $424,175 in Bitcoin on April 11, 2026, after downloading a fraudulent version of the Ledger Live app from the Apple Mac App Store.
Dutton, who has fronted G. Love & Special Sauce since 1994, reported that the theft occurred while he was setting up a new Mac computer. He searched the official App Store for the Ledger Live companion software, which is the standard interface for Ledger hardware wallets.
Upon installing the application, the software prompted Dutton for his 24-word recovery seed phrase. Once the information was entered, his entire Bitcoin holdings—totaling 5.92 BTC—were transferred out of his wallet.
Tracing the theft
On-chain investigator ZachXBT tracked the stolen funds through nine separate transactions. The investigator confirmed the Bitcoin was moved to deposit addresses associated with the KuCoin centralized exchange.
"I lost my retirement fund in a hack/scam when I switched my Ledger over to my new computer and by accident downloaded a malicious ledger app from the Apple store," Dutton stated on social media.
The fraudulent application was listed under the developer name "SAS SOFTWARE COMPANY," a name designed to mimic the legitimate French hardware manufacturer, Ledger SAS. The app utilized a highly accurate replica of the real Ledger Live interface to deceive users.
At least one other victim has been identified in a similar attack, losing 4.15 BTC to the same malicious software. Cybersecurity researchers at Moonlock previously flagged similar Ledger-related malware targeting macOS users in 2025, noting that these apps often spoof digital signatures to bypass security checks.
Apple has not yet issued a statement regarding the fraudulent app or its presence in the Mac App Store. ZachXBT publicly questioned how the malicious application bypassed Apple's standard review process.
