Users who downloaded a counterfeit Ledger Live application from the Microsoft app store have fallen victim to a cryptocurrency theft, with approximately $770,000 worth of cryptocurrencies being taken.
The scam was first identified on November 5th by cryptocurrency investigator ZachXBT.
Named on the Microsoft store as “Ledger Live Web3,” the deceptive application misled users into believing they were downloading “Ledger Live,” an interface for Ledger hardware wallets used for offline cryptocurrency storage.
The bulk of the scam appears to be in Bitcoin, with the scammer has receiving around 16.8 BTC (almost $600,000) through 38 transactions, as reported by Blockchain.com.
The funds have since been removed.
Additionally, the wallet has also accumulated approximately $180,000 in ETH/BSC.
At the time of this report, Microsoft has removed the counterfeit Ledger Live application from its platform.
The initial transaction to the scammer’s wallet address occurred on October 24, amounting to $5,210.
Prior to this, the wallet had remained inactive.
The majority of these transactions transpired after November 2, with the largest transfer totalling $81,200 on November 4.
Phishing scams have been on the rise since the beginning of this year.
Hackers employ a variety of tactics, including DNS breaches, SIM swaps, or in this particular case, the Microsoft Store.
Hackers typically breach a centralised medium, such as DNS providers, Telecommunications service providers, or customer service centres to deploy such scams.
Observers on the X (formerly known as Twitter) state this was a “big break in credibility” on the part of Microsoft.
Cryptocurrency exchange Bitfinex was the most recent victim to such a phishing scam, which involved a small section of Bitfinex’s customer support boards, which contained partial, incomplete, and outdated information.