In a concerning revelation, cryptocurrency
watchdog ZachXBT has identified a fraudulent scheme involving a counterfeit
Ledger Live application on Microsoft's app store, leading to the theft of
nearly $600,000 in Bitcoin. The deceptive app, named "Ledger Live
Web3," was found to be masquerading as the legitimate interface for
Ledger's hardware wallets, which are designed to securely store cryptocurrency
in an offline environment.
The fraud was meticulously executed, resulting in the accumulation of approximately 16.8 BTC, equivalent to $588,000, by the scammers through 38 transactions directed to the wallet address "bc1q…y64q," as per Blockchain.com's data. Interestingly, the scammers have already transferred about $115,200 out of their ill-gotten gains, leaving them with a balance of roughly $473,800 or 13.5 BTC.
Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen
— ZachXBT (@zachxbt) November 5, 2023
Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn
ZachXBT, in a follow-up disclosure,
suggested that Microsoft might have taken action to eliminate the phony Ledger
Live application from its store. The earliest transaction recorded to the
scammer's Bitcoin address was on October 24, amounting to $5,210, marking the
wallet's initiation for this fraudulent activity. Notably, a spike in
transactions was observed starting November 2, with the heftiest single
transfer being $81,200 on November 4.
An investigation by Cointelegraph revealed
that this spurious "Ledger Live Web3" app surfaced on Microsoft’s app
store as early as October 19. Adding to the concern, ZachXBT mentioned
receiving messages from two victims on November 4 and expressed the opinion
that Microsoft bears a degree of responsibility for the presence of the fake
app on its platform.
This incident is not the first instance of
a counterfeit Ledger Live app infiltrating Microsoft's app store; Ledger's
support channel on X (formerly known as Twitter) had previously alerted users
about similar scams in December and March.
🚨 Hey #ledger users
— Ledger Support (@Ledger_Support) December 26, 2022
Beware of fake Ledger Live apps published on the Microsoft Store👀
The only safe place to download Ledger Live is on our website👇https://t.co/cDLX1rEWPf
Ledger will NEVER ask you for your 24-word recovery phrase ❌
Stay safe 🙏 pic.twitter.com/0dXTJ7FeuO
While Ledger has not yet issued a statement
regarding this latest scam, the company consistently advises its customers that
the "only safe place" to download the Ledger Live application is
directly from its official website.
At the time of reporting, Cointelegraph's
request for a statement from Microsoft remained unanswered, leaving questions
about how such a deceptive application could breach the tech giant's defenses
and the measures being taken to prevent future occurrences.
إرسال تعليق