Fake Ledger App on Apple Store Allegedly Stole $9.5M in a Week, ZachXBT Says

Fake Ledger App on Apple Store Allegedly Stole $9.5M in a Week, ZachXBT Says

N
News Editor 01
2026-07-08 13:26:16
Onchain investigator ZachXBT alleges a fake Ledger Live app on Apple’s App Store stole over $9.5 million from more than 50 users in one week, with funds reportedly laundered through over 150 KuCoin deposit addresses.
LedgerApple App StoreKuCoinCrypto ScamOnchain Security

Onchain investigator ZachXBT has alleged that a fraudulent Ledger Live application listed on Apple’s App Store stole more than $9.5 million from over 50 victims in the span of a single week. According to his findings, the thefts took place between April 7 and April 13 and affected users across multiple blockchain ecosystems, including Bitcoin, EVM-compatible networks, Tron, Solana, and Ripple. Apple reportedly removed the app one day before ZachXBT publicly shared his investigation, but not before substantial damage had already been done.

Large Losses Across Multiple Victims

The investigator said the three biggest victims each suffered seven-figure losses. One user allegedly lost $3.23 million in USDT on April 9. Another lost $2.079 million in USDC on April 11. A third victim was said to have lost about $1.95 million worth of crypto on April 8, including 20.64 BTC, 211 stETH, and 70 ETH.

Among the named victims was musician Garrett Dutton, better known as G. Love, who reportedly lost nearly 6 BTC after interacting with the fake app. The case drew broader attention because it illustrated how even high-profile or experienced users can be caught by software impersonating a trusted wallet interface.

Alleged Laundering Route Through KuCoin Addresses

ZachXBT further claimed that the stolen funds were laundered through more than 150 KuCoin deposit addresses. He linked the movement of funds to a centralized mixing service known as AudiA6, which he described as a high-fee operation used to process illicit money flows. In his account, the service functioned as a conduit for moving funds stolen through the fake Ledger app.

He also alleged that the same broader infrastructure had been used shortly before this incident in connection with the Bitcoin Depot case, in which more than $3.5 million was reportedly laundered through over 25 KuCoin deposit addresses. These claims have intensified concerns around exchange compliance controls, especially where deposit addresses and instant swap mechanisms can be exploited at scale.

Public Clash on X Raises KYC Questions

The allegations became more visible after ZachXBT publicly confronted KuCoin on X. Responding to a routine post from the exchange’s official account, he asked why KuCoin had allegedly allowed a threat actor to launder more than $9.5 million tied to the fake Ledger app through its deposit address network in the prior week. He argued that weak or abused compliance processes, combined with services like AudiA6, created room for illicit actors to operate.

KuCoin’s official account replied by requesting a UID and ticket number for investigation, a response that appeared procedural rather than substantive. ZachXBT then mocked the exchange’s know-your-customer controls by replying with an image of an infant’s ID document, implying that the platform’s KYC process was insufficient. As of the time of the report, KuCoin had not publicly addressed the specific allegations in detail.

Apple’s Review Process Under Scrutiny

The incident has also reignited debate over Apple’s App Store review system. A major question raised by the case is how a malicious application impersonating a widely recognized wallet product was able to pass platform review and remain available long enough to impact dozens of users. The fact that the app was removed only after significant losses had already occurred has led to renewed criticism of centralized app marketplace gatekeeping.

ZachXBT suggested that the circumstances could potentially form the basis for a class action lawsuit against Apple. While no such case was confirmed in the source material, the suggestion reflects growing frustration among crypto users who rely on large distribution platforms as a signal of safety.

Ledger Repeats Seed Phrase Warning

In comments shared with Bitcoin.com News, Ledger CTO Charles Guillemet emphasized a core security principle: Ledger will never ask users for their 24-word recovery phrase. He warned that if any app or individual asks for those recovery words, users should immediately assume something is wrong.

Guillemet added that users should not blindly trust the surrounding software environment, whether that means a browser, desktop program, website, or even an official app marketplace. According to him, attackers go wherever opportunity exists, including legitimate-looking distribution channels. In his view, the strongest protection remains keeping private keys on a dedicated hardware device with a secure screen and never entering a seed phrase into an app or website.

A Broader Trust Problem for Crypto Users

This case highlights a persistent problem in crypto security: brand imitation combined with platform trust can be devastatingly effective. Wallet apps, browser extensions, and phishing interfaces often succeed not because users ignore basic safety rules, but because malicious products are made to appear legitimate within environments people already trust.

The alleged theft of more than $9.5 million in one week underscores how quickly damage can accumulate when a fake application gains visibility in a mainstream app store. It also shows that the fallout extends beyond the initial theft itself, touching exchanges, compliance practices, app store governance, and end-user education. Whether further regulatory, legal, or platform-level action follows, the incident is likely to remain a major reference point in discussions about crypto app distribution and user protection.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
300

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.