On April 11, 2026, Philadelphia musician G. Love (Garrett Dutton) lost approximately 5.92 Bitcoin (valued at $424,175) — his entire retirement savings accumulated over nearly a decade — after downloading a counterfeit Ledger Live application from the Apple Mac App Store while setting up his Ledger hardware wallet on a new computer.
How the Attack Unfolded
G. Love publicly disclosed the loss on social media platform X. He explained that while migrating his Ledger wallet to a new Mac, he searched for “Ledger” in the Mac App Store, found an app that appeared official, and installed it. The counterfeit app prompted him to enter his 24-word secret recovery phrase (seed phrase). The moment he typed it in, attackers immediately drained his Bitcoin address. He shared the transaction hash and a Bitcoin donation address, asking followers who wished to help him “re-up” to send funds.
He later confirmed that only his Bitcoin was affected; no other crypto assets were compromised. “It’s just hard getting got,” he wrote. “I’ve been in the crypto circus since 2017. They got me today. My fault for not being more careful. But let this be a warning — the scams are wild.”
On-Chain Tracing by ZachXBT
On-chain investigator ZachXBT quickly tracked the stolen funds. He confirmed that approximately 5.92 BTC had been moved in nine separate transactions to what appeared to be KuCoin deposit addresses, indicating the funds were being laundered through that exchange. All transaction records are publicly visible on any Bitcoin blockchain explorer.
Some community members questioned the story’s plausibility, noting that Ledger hardware wallets require physical confirmation on the device itself. G. Love explained that social engineering had convinced him to voluntarily input his seed phrase — exactly the attack vector this scam was designed to exploit.
Community Reaction and Security Warnings
The incident drew mixed reactions on X. Many users expressed sympathy, while others debated the narrative’s credibility and flagged the public donation address as a red flag. G. Love defended himself: “I’m… fine,” he said. “It just sucks to be scammed. Screw all you haters calling me a liar.”
This attack follows a documented pattern targeting macOS users. Cybersecurity firm Moonlock reported in 2025 that malware had been designed to replace legitimate Ledger Live installations on macOS, prompting users to enter their seed phrases. Apple’s Mac App Store has previously shown fake Ledger apps listed by third-party sellers, not the real developer, Ledger SAS.
Ledger has repeatedly stated that its software is only available from ledger.com and is not distributed through any consumer app stores. Any app appearing under a different developer name is fraudulent.
The Mechanics of the Scam
The attack is simple: a user searches an app store, finds a convincing listing, downloads it, and when the app requests the seed phrase, the user provides it. From that moment, the attacker has full and permanent access to any wallet derived from that phrase. The hardware wallet itself offers no protection once the seed is exposed.
Self-custody requires that the seed phrase never leaves the physical Ledger device. It should only be entered directly on the device during initial setup. Typing it into any app, website, or computer compromises the entire wallet.
As of April 12, 2026, mainstream media had not covered the story. Bitcoin.com News was the first to report it. G. Love indicated he will continue his career, expressing gratitude for his health, family, and music — including a recent performance at Tortuga Fest. No legal action has been announced.

