Nearly $800,000 in Bitcoin has been stolen from users who downloaded a fake Ledger Live application from Microsoft’s app store, cryptocurrency sleuth ZachXBT has revealed.
The scam, known as “Ledger Live Web3,” imitates the authentic user interface for Ledger hardware wallets, deceiving users into thinking it is the legitimate application.
Blockchain.com data reveals that the scammer has received 16.8 BTC, equivalent to $588,000, across 38 transactions, with $115,200 already transferred out of the scammer’s wallet.
According to a follow-up post by ZachXBT, the fake Ledger Live app have been removed from Microsoft’s platform.
Transactions to the scammer’s wallet address began on 24 October, with the majority occurring after 2 November, including a substantial transfer of $81,200 on 4 November.
Investigation found that the fraudulent “Ledger Live Web3” application had been present on Microsoft’s app store since at least 19 October.
Victims of the scam reportedly reached out to ZachXBT on 4 November, prompting him to criticise Microsoft for allowing the fake Ledger Live app on their platform.
Past Incidents and Security Protocols
Notably, this is not the first time a fake Ledger Live app has surfaced on the Microsoft app store, with instances previously occurring in December and March.
In December 2022:
In March 2023:
Ledger also advised users to download Ledger Live exclusively from their official website, ledger.com.