Apple has removed a fake Ledger Live app from the Mac App Store after reports said it tricked crypto users into giving up the secret phrase that controls their wallets. For everyday holders, the story is a reminder that an official-looking app store listing is not the same thing as a safe download.
$9.5 million in crypto was reportedly stolen from about 50 victims, and BleepingComputer said Apple pulled the fake app after user reports. Ledger says its real Ledger Live download is available only from its own website, not from the Mac App Store.
KEY TAKEAWAYS
- BleepingComputer linked the fake Mac App Store listing to $9.5 million in losses across about 50 victims.
- The fake app asked for a 24-word recovery phrase, which gave attackers control of user funds.
- Ledger Live should be downloaded only from Ledger's website, and Ledger says it never asks for a recovery phrase.
Apple removed the fake app, but the trust problem is bigger
BleepingComputer reported that the fake listing copied Ledger branding closely enough to look routine, while MacRumors noted Apple removed it from the Mac App Store. Because those reports also say Ledger does not distribute its Mac software through Apple's store, the failure looks more like a bad distribution gate than a hardware-wallet breach.
The broader backdrop was already shaky for crypto. Bitcoin was trading near $73,683, while the Fear and Greed Index was 23, a reading Alternative.me labels Extreme Fear.
That nervous backdrop helps explain why app-store trust matters even in a non-price story. Because Ledger says fake apps remain a common scam tactic, user education now matters as much as device design, much like the broader security push described in Coinlineup's coverage of the Ethereum Foundation Launches $1M Security Subsidy Program.
How the fake Ledger app stole investor funds
Cointelegraph said victims were prompted to type a 24-word recovery phrase into the fake app. That phrase is the master key to a wallet, so once it was handed over, attackers could move funds without breaking Ledger's hardware.
Cointelegraph said ZachXBT tied the thefts to activity between April 7 and April 13, 2026 across Bitcoin, Solana, Tron, XRP Ledger and EVM-compatible networks. BleepingComputer highlighted losses of $3.23 million, $2.08 million and $1.95 million between April 8 and April 11, showing how fast a single stolen phrase can turn into a life-changing loss.
That pattern fits Ledger CTO Charles Guillemet's warning that users should not trust polished software environments by default. It also matches the software-layer risk behind Coinlineup's report on TRON Post-Quantum Signatures on Mainnet, where stronger security promises still depend on what users install and approve.
According to secondary reporting that cited tracing through more than 150 KuCoin deposit addresses, the stolen funds may have been funneled through a laundering network, but Apple and KuCoin had not publicly confirmed that route when the reports were published. BleepingComputer separately reported that KuCoin temporarily froze implicated accounts pending possible follow-up.
What Ledger users should do after the App Store scam
Cointelegraph reported that Guillemet said Ledger never asks for a 24-word recovery phrase and warned users not to trust official-looking software automatically.
"You cannot trust the software environment around you - not your browser, not your app store, not your desktop."
Charles Guillemet via Cointelegraph
Ledger's phishing guidance says fake Ledger Wallet and Ledger Live apps are a common scam tactic, and the only official download point is ledger.com/ledger-live. For a regular user, the safest rule is simple: bookmark that page and ignore every other install path.
That kind of basic verification matters even as crypto products get more polished for mainstream users. Coinlineup's coverage of Ripple and Kyobo Life Insurance's tokenized bond settlement plan shows how much effort is going into making blockchain tools feel familiar, but smoother packaging still does not prove software is authentic.
MacRumors said Apple had not published a public statement on the removal timeline or review failure when the reports were published. The same report relayed an unfiled class-action idea from ZachXBT, but with no lawsuit cited, the more useful near-term takeaway is practical: never type a recovery phrase into an app you did not verify yourself.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.