TL;DR

  • A fake Ledger Live app in the Mac App Store was behind crypto theft estimated at $9.5 million between April 7 and 13, 2026
  • Over 50 victims have been confirmed, including a musician who lost his entire retirement savings in Bitcoin
  • The app was available for about two weeks before Apple removed it
  • Apple rejects the criticism, but legal experts warn of potential class-action lawsuits

Apple Defends App Store After Massive Crypto Fraud

A criminal actor managed to publish a highly convincing copy of the popular crypto wallet Ledger Live in the Mac App Store, keeping it there for approximately two weeks. According to DL News, at least 50 users were defrauded of a total of around $9.5 million – equivalent to nearly 90 million Norwegian kroner at current exchange rates – between April 7 and 13, 2026.

The app was registered under the publisher name “Leva Heal Limited” and developer account “SAS Software Company,” mimicking Ledger Live's official interface with great precision. Users were tricked into entering their 24-word recovery phrase, which gave attackers full control over their wallets.

The app mimicked Ledger Live so convincingly that even experienced crypto users were tricked into revealing their secret recovery phrase.

Victims Lost Bitcoin, Solana, and More

The stolen funds included Bitcoin (BTC), Ethereum (ETH), Solana (SOL), Tron (TRX), and XRP. Among the victims is musician G. Love, who, according to DL News, lost 5.9 BTC – worth around $75,000 at the time – an amount he describes as his retirement fund.

After the funds were stolen, they were laundered through over 150 deposit addresses on the KuCoin exchange and a centralized crypto mixer called “AudiA6,” according to DL News' source material.

Total stolen: $9.5M. Confirmed victims: 50+.

Security Community: A Structural Problem

Security experts cited in the research material point out that Apple's review process is primarily designed to detect technically malicious code and policy violations – not to catch sophisticated visual impersonations of legitimate apps. It is described as a system "structurally ill-equipped to detect semantic impersonation of hardware wallet interfaces, where the deception lies in a fake user interface requesting sensitive information, not in malicious code execution."

Macworld has previously reported on similar incidents and characterized Apple's approach as “disturbingly lax” when it comes to reviewing apps in this category.

This is also not the first time fake wallet apps have appeared in established app stores. In 2023, a fake Ledger app in Microsoft's app store resulted in losses of nearly $600,000, and in June 2025, Apple was sued in a class-action lawsuit related to a fake trading app called “Swiftcrypt,” where a user allegedly lost $80,000.

Apple: We Rejected 320,000 Apps in 2024

Apple, for its part, has defended its App Store security processes. A spokesperson stated, according to DL News, that in 2024, the company rejected over 320,000 app submissions for being spam or copies of other apps, and that over 37,000 potentially fraudulent products were prevented from reaching users. The company emphasizes that all apps and updates undergo a review for privacy, security, and usability.

That said, it is difficult to reconcile these figures with an overtly criminal app remaining available for download for two weeks.

The fake app was available for almost two weeks – long enough to drain dozens of victims of their life savings.

Legal Risk Grows

Legal observers believe the extent of the damage from the Ledger copycat could form the basis for new class-action lawsuits against Apple. Lawsuits already under way – including the Swiftcrypt case from 2025 – claim that Apple misled users by presenting the App Store as a safe and thoroughly controlled platform.

For Ledger users, the most important lesson is clear: The only official Ledger developer ID for macOS is X6LFS5BQKN. Any other ID, such as A85B4X4K2R, is a sure sign of a malicious application. Ledger Live should only be downloaded from ledger.com or verified channels.
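The developer-ID check described above can be scripted on macOS with the built-in `codesign` tool. The following is an added example, not code from the article, Ledger or Apple; the function names, the sample output and the bundle path passed as an argument are assumptions, and only the two IDs come from the article.

```shell
#!/bin/sh
# Added example (not Ledger's or Apple's tooling): check a macOS app bundle's
# code-signing Team ID against the developer ID quoted in the article.
EXPECTED_TEAM_ID="X6LFS5BQKN"   # official Ledger developer ID per the article

# Read `codesign -dv` output on stdin and print the TeamIdentifier value.
# Prints nothing if the field is absent (for example, unsigned code).
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Print a verdict for a Team ID; exit status 0 only on an exact match.
check_team_id() {
    case "$1" in
        "$EXPECTED_TEAM_ID") echo "OK"; return 0 ;;
        ""|"not set")        echo "UNSIGNED"; return 2 ;;  # no team / ad hoc signature
        *)                   echo "MISMATCH"; return 1 ;;
    esac
}

# macOS only: validate the signature first, then compare the Team ID.
# A Team ID read from a bundle whose signature does not verify proves nothing.
verify_app() {
    if ! codesign --verify --strict "$1" 2>/dev/null; then
        echo "INVALID_SIGNATURE"; return 3
    fi
    # codesign writes its -d output to stderr, hence 2>&1
    check_team_id "$(codesign -dv --verbose=2 "$1" 2>&1 | team_id_from_codesign)"
}

# Constructed sample output (bundle path and identifier are made up); the
# second Team ID is the non-official one the article mentions.
SAMPLE_GENUINE='Executable=/Applications/Example Wallet.app/Contents/MacOS/Example Wallet
Identifier=com.example.wallet
TeamIdentifier=X6LFS5BQKN'
SAMPLE_OTHER='Identifier=com.example.wallet
TeamIdentifier=A85B4X4K2R'

if [ "$#" -gt 0 ]; then
    verify_app "$1"          # argument: path to the installed .app bundle
else
    for s in "$SAMPLE_GENUINE" "$SAMPLE_OTHER"; do
        check_team_id "$(printf '%s\n' "$s" | team_id_from_codesign)" || true
    done
fi
```

Run without arguments it classifies the two constructed samples; given the path to an installed bundle on a Mac, it checks that bundle. A matching Team ID says who signed the app, not that the download source was legitimate.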

The case is developing. 24Krypto is following any potential lawsuits and Apple's further actions.