Ledger Live is an application designed for users of Ledger hardware wallets, allowing them to manage and securely store their cryptocurrencies offline. However, a deceptive duplicate, named “Ledger Live Web3,” surfaced on Microsoft’s app store, leading to huge theft of bitcoin.
Deceptive App Triggers Massive Bitcoin Theft
Cryptocurrency investigator ZachXBT uncovered the fraudulent app on Nov. 5, masquerading as the legitimate Ledger Live. This imposter misled users into believing they were downloading the genuine application for offline cryptocurrency storage.
Approximately $588,000 in Bitcoin, equivalent to 16.8 BTC, was siphoned across 38 transactions by the scammer, using the wallet address “bc1q….y64q,” as reported by Blockchain.com. Despite $115,200 being withdrawn from the scammer’s wallet in two transactions, $473,800 or 13.5 BTC remained.
Unveiling the Scam
The initial transaction occurred on October 24, amounting to $5,210 Bitcoin. The majority of these fraudulent transactions happened after November 2, culminating in the largest transfer of $81,200 on November 4. Despite $115,200 being withdrawn across two transactions, the scammer still holds $473,800 or 13.5 BTC.
Immediate Action and Victim Reports
Fortunately, Microsoft swiftly removed the fake application upon confirmation. However, victims reported incidents to ZachXBT on Nov. 4, prompting discussions regarding Microsoft’s responsibility for allowing the counterfeit Ledger Live app in its store.
History of Fake Apps on Microsoft Store
This incident isn’t isolated. Earlier occurrences of fake Ledger Live apps infiltrating Microsoft’s app store were reported in December and March. Ledger, through its support account, warned users to solely download Ledger Live from their official website and not provide their 24-word recovery phrase to any source.
Avoiding Counterfeit Apps
Users should exercise caution when downloading cryptocurrency-related apps, particularly from third-party sources. Verify the app’s legitimacy by confirming its credibility through official channels rather than relying solely on app store listings.
Implications and Future Precautions
The discovery of such fake apps raises concerns about user security. The swift removal of the fake Ledger Live app by Microsoft illustrates the ongoing efforts to combat malicious content. The incident also underscores the necessity of enhanced vigilance to prevent further breaches.
The recent theft also extends beyond Bitcoin, with an additional $180,000 stolen from Ethereum blockchain and BNB Smart Chain (BSC), leading to a total theft of $770,000.
Instances of digital theft emphasize the importance of events like Benzinga’s Future Of Digital Assets Event, slated for November 14. This event will spotlight emerging trends, innovations, and challenges in digital asset security, serving as a crucial gathering for the community.
Background and Ongoing Security Concerns
The fake Ledger Live Web3 application was visible on Microsoft’s app store from October 19 and has now been removed. This isn’t the first instance of fake apps infiltrating Microsoft’s platform, as Ledger’s support account previously warned users about such counterfeits in December and March.
Recent cybersecurity breaches, like the $4.4 million crypto theft in a single day due to the LastPass breach, highlight the ongoing challenges in ensuring digital security.
By staying vigilant and verifying app sources, users can reduce the risk of falling prey to such fraudulent activities in the cryptocurrency.
The information provided in this article is for informational purposes only and should not be considered financial advice. The article does not offer sufficient information to make investment decisions, nor does it constitute an offer, recommendation, or solicitation to buy or sell any financial instrument. The content is the opinion of the author and does not reflect any view or suggestion or any kind of advice from CryptoNewsBytes.com. The author declares he does not hold any of the above mentioned tokens or received any incentive from the company.