HomeBlockchainLedger's fake hardware wallet app and fraud in Microsoft's App Store

Ledger’s fake hardware wallet app and fraud in Microsoft’s App Store

In an incredible security breach, a fake ‘Ledger Live Web3’ app designed to emulate the famous hardware wallet infiltrated Microsoft’s app store, leading to an estimated $588,000 in bitcoin fraud. 

This article examines the technical intricacies of this cryptocurrency theft and the subsequent actions taken by the crypto community and platform providers.

Fake Ledger hardware wallet app infiltrates Microsoft’s App Store, causing $588,000 in cryptocurrency fraud

In a recent cybersecurity incident, cryptocurrency enthusiasts were left in shock when approximately $588,000 in bitcoin was stolen by malicious attackers through the fake ‘Ledger Live Web3’ app on Microsoft’s App Store. 

This malicious scheme came to light thanks to the vigilant efforts of cryptocurrency analyst ZachXBT, who discovered the fraudulent software on 5 November 2023.

The perpetrators of this brazen cryptocurrency theft cleverly designed the fake application ‘Ledger Live Web3’ to trick users into thinking they were downloading the authentic “Ledger Live” interface. 

The latter, a trusted platform, primarily serves as an interface for Ledger hardware wallets, allowing users to securely store their cryptocurrencies offline.

The fraudulent operation managed to accumulate as much as 16.8 BTC, equivalent to $588,000, through 38 transactions. 

These nefarious activities took place through a wallet address named ‘bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q’, as documented by several news outlets. 

To date, the fraudsters have misappropriated approximately $115,200 of their ill-gotten gains in two separate transactions, leaving them with a total of $473,800 or 13.5 BTC.

The nefarious activity began on 24 October 2023, with a $5,210 transaction sent to the address of the scammer’s wallet. 

Prior to this event, the wallet had been inactive, with no previous transactions in its name. Subsequently, most of the fraudulent transactions took place from 2 November, with the largest transfer occurring on 4 November, totalling an impressive $81,200.

An investigation revealed that the counterfeit application ‘Ledger Live Web3’ had appeared on Microsoft’s App Store as early as 19 October 2023.

Ledger Live scam not an isolated incident

This is not an isolated incident, as it is the latest case of a fake Ledger Live application infiltrating Microsoft’s App Store. 

Previously, the Ledger support account, specifically on Twitter (now known as X), had warned its users about fake Ledger Live applications in both December and March.

Despite the alarming nature of this incident, Ledger has made no official comment or statement about the scam. 

However, Ledger has always stressed to its user base that ‘the only safe place’ to download the legitimate Ledger Live application is directly from its official website, ledger.com.

To find out what action Microsoft has taken in response to this security breach, the technology giant was contacted for comment or clarification. 

At the time of writing, Microsoft has not provided an immediate response, leaving the cryptocurrency community and affected users waiting for further information.

This incident serves as a reminder of the inherent risks and vulnerabilities in the cryptocurrency space, where the lure of potential financial gain coexists with the constant threat of cybercriminal activity. 

As the cryptocurrency ecosystem continues to evolve, users are urged to exercise caution and adopt sound security practices to protect their valuable digital assets.

In conclusion, the fraudulent infiltration of Microsoft’s App Store by the fake “Ledger Live Web3” application, which resulted in the theft of $588,000 in Bitcoin, underscores the critical importance of vigilance and due diligence within the cryptocurrency community. 

This incident serves as a call to action for both users and platform providers to remain steadfast in their commitment to cybersecurity and to continue their relentless pursuit of protecting the assets of the digital economy.