Fake Ledger Live App on Apple App Store Allegedly Stole $9.5M, ZachXBT Points to KuCoin Laundering Trail

Fake Ledger Live App on Apple App Store Allegedly Stole $9.5M, ZachXBT Points to KuCoin Laundering Trail

N
News Editor 01
2026-07-08 13:24:12
Onchain investigator ZachXBT says a fake Ledger Live app on Apple’s App Store stole more than $9.5 million from over 50 victims in one week, with funds allegedly funneled through 150+ KuCoin deposit addresses.
LedgerApple App StoreKuCoinCrypto ScamZachXBT

Onchain investigator ZachXBT has alleged that a fraudulent Ledger Live application listed on Apple’s App Store stole more than $9.5 million from over 50 victims between April 7 and April 13. According to his findings, the losses spanned multiple blockchain ecosystems, including Bitcoin, EVM-compatible networks, Tron, Solana, and Ripple, before the stolen assets were allegedly funneled through more than 150 KuCoin deposit addresses.

Apple removed the fake application one day before ZachXBT publicly detailed the case on X. Still, the incident has intensified concerns about how malicious wallet software can pass review on a major app marketplace and remain accessible long enough to inflict large-scale losses on retail and high-net-worth crypto users alike.

Victims Lost Millions Across Multiple Assets

ZachXBT said the campaign affected dozens of users in just a single week. The three largest victims each reportedly suffered seven-figure losses. One user lost $3.23 million in USDT on April 9. Another lost $2.079 million in USDC on April 11. A third victim lost approximately $1.95 million on April 8, including 20.64 BTC, 211 stETH, and 70 ETH.

The case also drew wider attention because one of the named victims was musician Garrett Dutton, professionally known as G. Love, who reportedly lost nearly 6 BTC after downloading the fake app. The report described his loss as especially painful given that the bitcoin represented long-term savings accumulated over many years.

By publishing wallet addresses tied to the thefts, ZachXBT outlined a cross-chain pattern that suggests the operation was not limited to a single token standard or blockchain environment. Instead, the campaign appears to have targeted users holding a range of digital assets, making the total impact broader than a typical single-chain wallet drain.

Allegations Focus on KuCoin and AudiA6

A major part of ZachXBT’s accusation concerns what happened after the theft. He identified AudiA6 as the centralized mixing service allegedly used to move illicit proceeds. In his description, AudiA6 charged high fees to process suspicious funds and relied on exchange infrastructure to help obscure the trail.

ZachXBT specifically claimed that the stolen assets from the fake Ledger app were laundered through 150+ KuCoin deposit addresses. He also alleged that, just days earlier, a separate threat actor had laundered more than $3.5 million connected to the Bitcoin Depot incident through 25+ KuCoin deposit addresses. Based on those observations, he argued that weaknesses in exchange onboarding and instant-swap mechanisms may be enabling repeated abuse.

In a public reply to KuCoin’s official X account, ZachXBT sharply criticized the exchange, asking why it had allowed a threat actor to move more than $9.5 million tied to the fake Ledger operation through such a large number of deposit addresses in the span of one week. He further argued that lax controls around KYC and exchange services had made it easier for entities like AudiA6 to operate.

At the time referenced in the source report, KuCoin had not publicly responded to the specific allegations. The exchange account reportedly asked for a UID and support ticket number to investigate, a response that appeared more procedural than substantive. ZachXBT replied with an image intended to mock the adequacy of customer verification, implying that KYC safeguards were insufficient.

Apple’s App Review Process Under Scrutiny

The incident has also raised uncomfortable questions for Apple. Because the fake wallet app was distributed through the official App Store, victims may have assumed the software had passed a meaningful security review. ZachXBT suggested the situation could even form the basis for a class action lawsuit against Apple, though no such outcome was confirmed in the report.

The core issue is not only that a phishing-style wallet application existed, but that it apparently survived long enough on a trusted platform to deceive dozens of users. In crypto, where a single seed phrase disclosure can empty an entire wallet, trust in distribution channels matters enormously. When malicious software appears in an official store, the perceived legitimacy of that environment can amplify the damage.

The case therefore goes beyond a standard wallet-drain story. It touches on a larger industry problem: users are routinely told to avoid unofficial downloads, yet even official channels may not provide full protection against sophisticated impersonation or social engineering attacks.

Ledger Repeats a Critical Security Warning

In comments shared with Bitcoin.com News, Ledger CTO Charles Guillemet reiterated one of the most basic but important safety rules in self-custody: Ledger will never ask for your 24-word seed phrase. He said that if any person or app requests those recovery words, users should immediately assume something is wrong.

Guillemet emphasized that users cannot blindly trust their surrounding software environment, whether that means browsers, desktop applications, or even app stores. Attackers, he warned, operate wherever opportunity exists, including official distribution platforms. His broader message was that the most reliable line of defense remains keeping private keys on a dedicated hardware device with a secure display and never typing the recovery phrase into any website or app.

The warning reflects a long-standing principle in hardware wallet security: the seed phrase is the wallet. Once it is exposed, the attacker effectively gains full control over the assets, regardless of how reputable the app or interface appears on the surface.

Why the Case Matters

This episode stands out because of its scale, speed, and the institutions involved. The alleged theft exceeded $9.5 million in just one week, crossed multiple blockchain networks, involved a fraudulent app hosted on a mainstream mobile marketplace, and pointed to potential weaknesses in exchange-side monitoring. That combination makes it significant not only for individual victims, but also for platforms responsible for software distribution and financial compliance.

For users, the lesson is stark: downloading an app from a recognized marketplace is not enough to guarantee safety. For centralized exchanges, the allegations renew pressure to show that KYC, risk monitoring, and deposit screening systems can detect and disrupt laundering activity quickly. And for platform operators such as Apple, the case may intensify demands for tighter review procedures around crypto wallet software, where impersonation can have immediate and irreversible consequences.

As of the source report, the most concrete facts were these: Apple had removed the fake app, ZachXBT had linked the thefts to more than 150 KuCoin deposit addresses, and dozens of victims had already suffered losses. Whether those findings lead to regulatory action, litigation, or stronger marketplace controls remains to be seen, but the case has already become another high-profile warning about the risks of trusting appearances in crypto.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
400

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.