Almost $600,000 in Bitcoin (BTC) has been stolen from users who downloaded a fake Ledger Live application on Microsoft’s app store, according to cryptocurrency sleuth ZachXBT.
The on-chain analyst spotted the scam, “Ledger Live Web3” on Nov. 5, which is tricking users into thinking that they’re downloading “Ledger Live” — a user interface for Ledger hardware wallets to store cryptocurrency offline.
Approximately 16.8 BTC worth $588,000 has been received by the scammer across 38 transactions using wallet address, “bc1q….y64q,” according to Blockchain.com. About $115,200 has left the scammer’s wallet across two transactions, leaving it with $473,800 or 13.5 BTC.
Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen
— ZachXBT (@zachxbt) November 5, 2023
Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn
In a follow up post, ZachXBT noted that Microsoft may have removed the fake Ledger Live app from its platform.
The first transaction sent to the scammer’s wallet address took place on Oct. 24, worth $5,210. Prior to that, the wallet hadn’t been used. Most of these transactions have taken place since Nov. 2, with the largest transfer totaling $81,200 on Nov. 4.
A search by Cointelegraph found the fake “Ledger Live Web3” application appeared in Microsoft’s app store as early as Oct. 19.
ZachXBT said they have received two messages from victims on Nov. 4 and even argued that Microsoft “should be held liable” for allowing the fake Ledger Live app to appear in its app store.
Sadly received two messages about this from victims today. Seems another person lost funds in just past few min. pic.twitter.com/yYPbizltN5
— ZachXBT (@zachxbt) November 5, 2023
Related: Ledger hardware wallet rolls out cloud-based private key recovery tool
It isn’t the first time a fake Ledger Live app has made its way into Microsoft’s app store either.
Ledger’s support account on X (formerly Twitter) informed its users about a fake Ledger Live app on two separate occasions in December and March.
Hey #ledger users
— Ledger Support (@Ledger_Support) December 26, 2022
Beware of fake Ledger Live apps published on the Microsoft Store
The only safe place to download Ledger Live is on our websitehttps://t.co/cDLX1rEWPf
Ledger will NEVER ask you for your 24-word recovery phrase ❌
Stay safe pic.twitter.com/0dXTJ7FeuO
Ledger hasn’t commented on the scam but has previously iterated to users that the "only safe place" to download Ledger Live is from its website, ledger.com.
Cointelegraph reached out to Microsoft for comment but did not receive an immediate response.
Magazine: ‘Account abstraction’ supercharges Ethereum wallets: Dummies guide
