According to on-chain sleuth ZachXBT, around $800,000 in crypto assets has been carted away from users who installed a fake Ledger Live application on Microsoft’s app store.
Ledger Live Users Lose $600,000 In Bitcoin: Report
In a November 5 post on the X (formerly Twitter) platform, ZachXBT raised an alarm on the suspicious application, “Ledger Live Web3”, which is conning users into thinking they are installing the original “Ledger Live” app. The original Ledger Live is a user interface app that allows hardware wallet users to store their crypto assets offline.
Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen
Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn— ZachXBT (@zachxbt) November 5, 2023
According to on-chain data, roughly 16,800 BTC (worth approximately $588,000) has been received by the exploiter across 38 different transactions using the wallet address “bc1q…y64q”. The first set of funds (an estimated total of $87,600) were transferred to the scammer’s address on October 24, 2023.
As of this writing, only about $115,760 – across two transactions – has been moved out of the scammer’s wallet address. Meanwhile, the current balance of the address still stands at more than 13.5 BTC (worth roughly $476,012).
In a follow-up post on X, ZachXBT revealed that the scammer also used an ETH/BSC address to receive funds from the fake Ledger app. Based on the update, the exploiter has collected approximately $180,000 using this address, bringing their total loot to $768,000.
The on-chain investigator also noted that Microsoft may have finally removed the fake Ledger Live app from their app store. Meanwhile, the fake app’s dedicated page on Microsoft’s official website is no longer accessible.
It is worth noting that this is not the first time that a fake Ledger Live app has made its way into Microsoft’s app store. Ledger’s support account on X has had to warn its users about a fake app on two separate occasions in the space of a year.
🚨 Hey #ledger users
Beware of fake Ledger Live apps published on the Microsoft Store👀
The only safe place to download Ledger Live is on our website👇https://t.co/cDLX1rEWPf
Ledger will NEVER ask you for your 24-word recovery phrase ❌
Stay safe 🙏 pic.twitter.com/0dXTJ7FeuO
— Ledger Support (@Ledger_Support) December 26, 2022
October Saw A Notable Decline In Crypto Scams
In the month of October, the crypto space experienced a significant downturn in terms of theft, hitting its lowest point of 2023. According to CertiK’s findings, a total of 38 incidents, including from hacks, exploits, and scams, contributed to losses amounting to $32.2 million.
When considering the 10-month total of $1.4 billion, the losses incurred in October appear notably smaller, accounting for approximately a quarter of the running monthly average. While this decline in security incidents is a positive development, users are still cautioned about the existence of security threats even in the most unexpected places, as shown in this Ledger case.
Combining all the incidents in October we’ve confirmed ~$32.2M lost to exploits, hacks and scams.
Exit scams were ~$8M
Flash loans were ~$1.7M
Exploits were ~$22M
See more details below 👇 pic.twitter.com/67mq0ope7w
— CertiK Alert (@CertiKAlert) October 31, 2023
As digital assets continue to flourish, this harsh reality serves as a stark reminder of the need for vigilant cybersecurity measures to safeguard the investments of crypto enthusiasts worldwide.
Bitcoin price breaks above $35,000 again on the daily timeframe | Source: BTCUSDT chart on TradingView