{"id":25736,"date":"2026-04-13T07:20:12","date_gmt":"2026-04-13T07:20:12","guid":{"rendered":"https:\/\/bitunikey.com\/news\/fake-ledger-live-app-on-apple-app-store-drains-5-9-btc-from-g-love\/"},"modified":"2026-04-13T07:20:27","modified_gmt":"2026-04-13T07:20:27","slug":"fake-ledger-live-app-on-apple-app-store-drains-5-9-btc-from-g-love","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/fake-ledger-live-app-on-apple-app-store-drains-5-9-btc-from-g-love\/","title":{"rendered":"Fake Ledger Live app on Apple App Store drains 5.9 BTC from G. Love"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p>A fraudulent app on Apple\u2019s App Store has drained $420,000 in Bitcoin from American musician Garrett Dutton, popularly known as \u201cG. Love.\u201d<\/p>\n<div id=\"cn-block-summary-block_8361ed31b4238b9e8841838181db002c\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>The fraudulent app managed to bypass Apple\u2019s security filters on the App Store to target users of the Ledger self-custody platform.<\/li>\n<li>A victim surrendered his private recovery phrase to the malicious software after downloading it onto his laptop.<\/li>\n<li>Blockchain data shows the stolen 5.9 Bitcoin moved to several deposit addresses at the KuCoin exchange shortly after the breach.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>According to a series of <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/glove\/status\/2043047396322451700\">posts<\/a> on X, Dutton lost his 5.9 BTC stash after downloading a malicious program disguised as the Ledger Live manager on his new MacBook Neo, where he was tricked into entering his seed phrase. 
The theft wiped out nearly a decade of savings intended for his retirement.<\/p>\n<p>\u201cI had a really tough day,\u201d Dutton shared with his followers, noting that the funds vanished \u201cin an instant.\u201d<\/p>\n<p>\u201cI been in the crypto circus since 2017. Today they caught me off guard. It was my own damn fault for not being more diligent. But let it serve as a warning. There\u2019s so many scams,\u201d he said.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>On-chain researcher ZachXBT tracked the stolen assets, revealing they were moved to addresses tied to the KuCoin exchange through nine separate transactions.\u00a0<\/p>\n<p>While KuCoin acknowledged the situation with a standard customer service response, the incident underscores the growing risk of high-tier app stores hosting predatory software.<\/p>\n<h1 class=\"wp-block-heading\">Evolution of hardware wallet phishing<\/h1>\n<p>Similar impersonation tactics have plagued the industry for years. In 2023, a similar fake Ledger app surfaced on Microsoft\u2019s store, leading to nearly $600,000 in losses before the company admitted the software had bypassed its internal review process.\u00a0<\/p>\n<p>Reports from the FBI indicate these types of crimes are on the rise, with total crypto-related losses in the U.S. hitting $11 billion in 2025, a significant jump from the $9 billion reported the year prior.<\/p>\n<p>As previously reported by crypto.news, attackers were also found using physical mail to target hardware wallet owners.\u00a0<\/p>\n<p>Using contact details leaked in previous data breaches, scammers have been sending official-looking letters on forged letterheads to Trezor and Ledger users. These letters often demand a \u201cmandatory authentication check\u201d and use tight deadlines\u2014such as February 15, 2026\u2014to create panic.<\/p>\n<p>Recipients who scan the included QR codes are directed to malicious sites that request their 12 to 24-word recovery phrases. 
Once these phrases are entered, the attackers use backend APIs to seize full control of the victims\u2019 wallets.\u00a0<\/p>\n<p>Both Ledger and Trezor have faced scrutiny regarding the security of their customer databases, as these physical phishing campaigns rely heavily on the exposure of personal contact information from past security breaches.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A fraudulent app on Apple\u2019s App Store has drained $420,000 in Bitcoin from American musician Garrett Dutton, popularly known as \u201cG. Love.\u201d Summary The fraudulent app managed to bypass Apple\u2019s&hellip;<\/p>\n","protected":false},"author":1,"featured_media":2164,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-25736","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/25736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=25736"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/25736\/revisions"}],"predecessor-version":[{"id":25737,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/25736\/revisions\/25737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/2164"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=25736"}],"wp:term":[{"taxonomy":"category","embeddable"
:true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=25736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=25736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}