588 thousand dollars were stolen
Nearly $600,000 in Bitcoin (BTC) was stolen from users who downloaded a fake Ledger Live app on the Microsoft App Store, according to cryptocurrency sleuth ZachXBT.
An on-chain analyst spotted a scam called “Ledger Live Web3” on Nov. 5, which is tricking users into thinking they're downloading “Ledger Live” – the user interface for Ledger's hardware wallet to store cryptocurrency offline.
Approximately 16.8 BTC worth $588,000 was received by the fraudster in 38 transactions with the wallet address “bc1q….y64q,” according to Blockchain.com. About $115,200 left the fraudster's wallet in two transactions, leaving $473,800 or 13.5 BTC.
Community Alert: Currently 16.8+ BTC ($588K) stolen.
Scammer addressbc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn
— ZachXBT (@zachxbt) November 5, 2023
In a subsequent post, ZachXBT revealed that Microsoft may have removed the fake Ledger Live app from the platform.
The first transaction sent to the fraudulent wallet address took place on October 24 and was worth $5,210. The wallet had not been used before. Most of these transactions took place since November 2nd, with the largest transaction amounting to $81,200 on November 4th.
According to a search by Cointelegraph, the fake “Ledger Live Web3” application has appeared in the Microsoft App Store since October 19.
ZachXBT claims that they received two messages from victims on November 4 and that Microsoft “must be held accountable” for allowing the fake Ledger Live app to appear in the app store.
Two messages have sadly arrived today from victims on this issue. Looks like someone else lost money in the last few minutes. pic.twitter.com/yYPbizltN5
— ZachXBT (@zachxbt) November 5, 2023
Related: Ledger Hardware Wallet Releases Cloud-Based Private Key Recovery Tool
This is not the first time that a fake Ledger Live app has made its way to the Microsoft App Store.
The Ledger support account on X (formerly Twitter) notified its users about the fake Ledger Live app on two separate occasions in December and March.
Hello #registration users
Beware of fake Ledger Live apps published on the Microsoft Store
The only safe place to download Ledger Live is on our website https://t.co/cDLX1rEWPf
Ledger will never ask you for your 24 word recovery phrase ❌
Stay safe pic.twitter.com/0dXTJ7FeuO
— Ledger Support (@Ledger_Support) December 26, 2022
Ledger has not commented on the scam, but has previously told users that the “only safe place” to download Ledger Live is from its website, ledger.com.
Cointelegraph reached out to Microsoft for comment and did not receive an immediate response.
Magazine: ‘Account Summary' Supercharge Ethereum Wallet: A Dummies Guide
