Fraudulent Ledger Application Removed by Apple After $9.5M Cryptocurrency Theft

Following the theft of millions in digital assets, Apple confirmed to Cointelegraph the removal of a counterfeit Ledger Live application and the permanent ban of its developer from the platform.

Following an onchain investigation that revealed over 50 individuals were defrauded in a sophisticated scam resulting in combined losses of $9.5 million, Apple has verified that it removed a fraudulent application that posed as the Ledger self-custody cryptocurrency wallet.

In a statement to Cointelegraph on Tuesday, Apple confirmed that the counterfeit Ledger Live application had been taken down and that the developer behind it, identified as "SAS Software Company," had been permanently banned from the Apple App Store.

According to Apple, the developer employed a "bait-and-switch strategy" to deceive users into downloading a fraudulent version of the Ledger Live app and divulging their seed phrases.

Such bait-and-switch violations are relatively common on the Apple App Store, with the company reporting that throughout 2024, it eliminated or rejected over 17,000 applications for utilizing such deceptive tactics.

Additionally, the tech giant rejected over 320,000 app submissions that were identified as spam, copycat or misleading in nature and successfully prevented more than 37,000 potentially fraudulent applications from becoming available to users.

Two reviews and fake feature updates for the counterfeit Ledger Live app — User reviews and fraudulent feature updates displayed by the counterfeit Ledger Live application prior to its removal from the Apple App Store. Source: Archive.ph

Historically, bait-and-switch fraudsters on the Apple App Store have secured initial approval by submitting legitimate applications before subsequently uploading counterfeit screenshots or modifying descriptions to impersonate another popular, well-established app.

The company has been combating these types of scams dating back to at least 2013. During February of that year, fraudsters successfully uploaded a cloned version of Nintendo's Pokémon Yellow game to the Apple App Store and managed to sell copies until user complaints led to its removal.

These incidents underscore the vital importance for cryptocurrency investors to independently verify applications on third-party platforms as fraudsters continue to employ increasingly sophisticated and deceptive strategies.

On Monday, blockchain investigator ZachXBT discovered that more than 50 cryptocurrency investors had fallen prey to the fraudulent Ledger app scam during the period between April 7 and 13, which resulted in approximately $9.5 million in total losses.

The financial damage was predominantly concentrated among three individual investors — with one victim losing $3.23 million in USDt (USDT), a second losing $2 million in USDC (USDC) and a third suffering losses of $1.95 million worth of Bitcoin (BTC), Ether (ETH) and staked Ether.

Among the victims was Garrett Dutton, an American musician who performs under the stage name "G. Love," who publicly disclosed that he lost $420,000 worth of Bitcoin as a result of the scam.

During late 2023, scammers similarly managed to circumvent Microsoft's listing review process for its app store, which resulted in nearly $600,000 worth of cryptocurrency being stolen.