Fake Ledger Live App on Mac App Store Steals $9M+ in Crypto, Targeting Over 50 Users

A sophisticated scam has siphoned over $9 million in cryptocurrency from unsuspecting holders through a fraudulent Ledger Live application listed on Apple's official Mac App Store. The fake app, which successfully bypassed Apple's security vetting, has already impacted more than 50 users, including musician G. Love, highlighting a critical failure in the trusted app distribution channel for macOS.

The scam's mechanics are alarmingly simple yet effective. Users searching for the legitimate Ledger Live wallet management software were presented with the counterfeit app, which mimicked the real application's branding and interface. Once installed, the malicious software prompted users to enter their recovery seed phrases—the master keys to their crypto wallets—directly handing over complete control of their assets to the attackers. This incident underscores a growing trend of supply-chain attacks targeting the very platforms users rely on for security.

The breach places intense scrutiny on Apple's App Store review process, which failed to detect the fraudulent listing, and raises serious questions about the security assurances provided by major tech gatekeepers. For the cryptocurrency community, this is a stark reminder that even official app stores are not immune to sophisticated phishing campaigns. The incident will likely prompt renewed calls for enhanced verification protocols and could lead to increased user reliance on direct downloads from hardware wallet manufacturers, potentially undermining the convenience of centralized app marketplaces.