Nearly $600,000 in Bitcoin Stolen Through Fake Ledger Live App on Microsoft's Platform

 

In a concerning revelation, cryptocurrency watchdog ZachXBT has identified a fraudulent scheme involving a counterfeit Ledger Live application on Microsoft's app store, leading to the theft of nearly $600,000 in Bitcoin. The deceptive app, named "Ledger Live Web3," was found to be masquerading as the legitimate interface for Ledger's hardware wallets, which are designed to securely store cryptocurrency in an offline environment.

The fraud was meticulously executed, resulting in the accumulation of approximately 16.8 BTC, equivalent to $588,000, by the scammers through 38 transactions directed to the wallet address "bc1q…y64q," as per Blockchain.com's data. Interestingly, the scammers have already transferred about $115,200 out of their ill-gotten gains, leaving them with a balance of roughly $473,800 or 13.5 BTC.

Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen

Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn

— ZachXBT (@zachxbt) November 5, 2023

ZachXBT, in a follow-up disclosure, suggested that Microsoft might have taken action to eliminate the phony Ledger Live application from its store. The earliest transaction recorded to the scammer's Bitcoin address was on October 24, amounting to $5,210, marking the wallet's initiation for this fraudulent activity. Notably, a spike in transactions was observed starting November 2, with the heftiest single transfer being $81,200 on November 4.

An investigation by Cointelegraph revealed that this spurious "Ledger Live Web3" app surfaced on Microsoft’s app store as early as October 19. Adding to the concern, ZachXBT mentioned receiving messages from two victims on November 4 and expressed the opinion that Microsoft bears a degree of responsibility for the presence of the fake app on its platform.

This incident is not the first instance of a counterfeit Ledger Live app infiltrating Microsoft's app store; Ledger's support channel on X (formerly known as Twitter) had previously alerted users about similar scams in December and March.

🚨 Hey #ledger users

Beware of fake Ledger Live apps published on the Microsoft Store👀

The only safe place to download Ledger Live is on our website👇https://t.co/cDLX1rEWPf

Ledger will NEVER ask you for your 24-word recovery phrase ❌

Stay safe 🙏 pic.twitter.com/0dXTJ7FeuO

— Ledger Support (@Ledger_Support) December 26, 2022

While Ledger has not yet issued a statement regarding this latest scam, the company consistently advises its customers that the "only safe place" to download the Ledger Live application is directly from its official website.

At the time of reporting, Cointelegraph's request for a statement from Microsoft remained unanswered, leaving questions about how such a deceptive application could breach the tech giant's defenses and the measures being taken to prevent future occurrences.