TL;DR:
- A fake Ledger Live iOS app allegedly stole more than $9.5 million from over 50 victims between April 7 and 13.
- The three biggest reported losses were $3.23 million in USDT, $2.079 million in USDC, and $1.95 million in mixed crypto.
- ZachXBT linked laundering to 150+ KuCoin deposit addresses and said Apple removed the app after the fraudulent application had already been listed for several days on the App Store.
A fake Ledger Live application on Appleās App Store allegedly stole more than $9.5 million from over 50 victims in just one week, according to onchain investigator ZachXBT, turning what should have been a trusted distribution channel into the center of a fast-moving crypto theft operation. The reported losses stretched across Bitcoin, EVM chains, Tron, Solana, and Ripple between April 7 and April 13. What makes the incident especially jarring is that the attack appears to have scaled through an official app marketplace rather than an obscure phishing page.
The alleged losses were not small, scattered thefts. One victim reportedly lost $3.23 million in USDT on April 9. Another lost $2.079 million in USDC on April 11. A third lost $1.95 million on April 8, including 20.64 BTC, 211 stETH, and 70 ETH. Musician G. Love was also identified among the victims, with nearly 6 BTC reportedly stolen. Apple removed the application the day before ZachXBT published his findings. The picture that emerges is of a fraudulent app that stayed live long enough to inflict concentrated, seven-figure damage before disappearing.
Why the alleged laundering trail is drawing as much attention as the theft
ZachXBT said the stolen funds were laundered through more than 150 KuCoin deposit addresses and linked the flow to AudiA6, which he described as a centralized mixing service used to process illicit money. He also claimed that another threat actor had laundered more than $3.5 million from the Bitcoin Depot incident through over 25 KuCoin deposit addresses in the days before the Ledger-related theft. That allegation shifts the story from a fake-app scam into a much broader debate about exchange controls, KYC enforcement, and how easily stolen funds can still move through centralized venues.
The fallout now reaches beyond the victims themselves. ZachXBT argued the episode may provide grounds for a class action against Apple over the appās presence on the App Store. KuCoinās public response did not address the substance of the accusations, instead asking for a UID and ticket number, which ZachXBT mocked with an image meant to question the exchangeās verification standards. Ledgerās CTO, Charles Guillemet, responded with the most basic lesson of all: Ledger will never ask for a 24-word seed phrase. In the end, the scam is a brutal reminder that official distribution platforms can still become attack surfaces when users mistake placement for safety.
