Apple confirmed it removed a malicious app impersonating the Ledger self-custody wallet after on-chain analysis showed more than 50 users were defrauded, losing about $9.5 million in total. The counterfeit Ledger Live app was taken down from the App Store and the developer account listed as “SAS Software Company” was terminated, Apple told Cointelegraph.
According to Apple, the developer used a bait-and-switch scheme to trick users into installing the fake Ledger Live app and revealing their seed phrases. Apple said such bait-and-switch violations are common: in 2024 it removed or rejected more than 17,000 apps for that tactic, rejected over 320,000 app submissions flagged as spam, copycat or misleading, and blocked more than 37,000 potentially fraudulent apps from reaching users.
Scammers sometimes win initial approval by complying with review rules, then swap screenshots or change descriptions to imitate a popular app. Apple has long fought this problem — for example, a clone of Nintendo’s Pokémon Yellow briefly appeared on the App Store in 2013 before being removed after user complaints.
Blockchain researcher ZachXBT reported the scam hit more than 50 crypto investors between April 7 and 13, with roughly $9.5 million stolen. Losses were concentrated among three large victims: one lost about $3.23 million in USDT, another about $2 million in USDC, and a third roughly $1.95 million across Bitcoin, Ether and staked Ether. Musician Garrett Dutton (G. Love) also publicly reported a $420,000 Bitcoin loss.
Similar frauds have appeared on other platforms — in late 2023 attackers bypassed Microsoft’s review process and stole nearly $600,000 via a fake Ledger Live app. These incidents highlight the need for crypto users to independently verify wallet apps and official distribution channels as scammers refine their tactics.
Cointelegraph says it remains committed to independent, transparent journalism; readers should verify information independently. Read the Editorial Policy at cointelegraph.com/editorial-policy.