Microsoft recently removed a fake Ledger Live app from its Microsoft App Store after hackers got away with more than $768,000 worth of cryptocurrency assets.
On November 5, 2023, blockchain researcher and crypto investigator ZachXBT brought the issue to light and warned the cryptocurrency community about the fraudulent app.
In a post on X, ZachXBT flagged a fake crypto wallet management app titled “Ledger Live Web3”. The app imitates the authentic user interface for Ledger hardware wallets and tricks users into thinking that it is the original Ledger Live app.
Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which has resulted in 16.8+ BTC ($588K) stolen
Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q
— ZachXBT (@zachxbt) November 5, 2023
According to ZachXBT, the scammer’s Bitcoin address (bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q) collected approximately 16.8 Bitcoins via 38 transactions totaling around $588,000 from unsuspecting users, with $115,200 already transferred out of the scammer’s wallet.
On further investigation, it was found that an additional address (0x089Ecf0703B8E85183F29725f87da40AE488b7B9) associated with the scheme collected roughly $180,000 across Ethereum (ETH) and BSC from the fake app, bringing the total loot to $768,000.
Update: Received an ETH/BSC address from a victim that has collected ~$180K in funds from the fake app.
0x089Ecf0703B8E85183F29725f87da40AE488b7B9
This brings the total amount stolen to $768K+
— ZachXBT (@zachxbt) November 5, 2023
The first transaction, of roughly $5,210, reached the scammer’s wallet address on October 24. Most of the transactions took place after November 2, and the largest single transaction, amounting to $81,200, occurred on November 4.
Microsoft responded immediately after the issue was publicly highlighted on November 5, 2023, removing the fraudulent app from its App Store. The fake app’s dedicated page on Microsoft’s official website is also no longer accessible. The fake Ledger Live app had reportedly been active in the Microsoft App Store since October 19, 2023.
When BleepingComputer reached out to Microsoft to question their screening process for submitted apps, a spokesperson for the company responded by saying that Microsoft is “continually working to ensure malicious content is identified and taken down quickly.”
This is not the first time that a fake Ledger Live app has appeared on Microsoft’s App Store. Ledger’s official customer service account had previously issued warnings in December and March about counterfeit apps and reiterated to users that the “only safe place” to download Ledger Live is from its official site, ledger.com.
Hey #ledger users
Beware of fake Ledger Live apps published on the Microsoft Store
The only safe place to download Ledger Live is on our website https://t.co/cDLX1rEWPf
Ledger will NEVER ask you for your 24-word recovery phrase
Stay safe
— Ledger Support (@Ledger_Support) December 26, 2022