Fake Ledger Live App on Microsoft App Store Used to Steal 16.8+ BTC

The app has been taken down but not before it received more than $768K of user funds.

Fake Ledger Live App on Microsoft App Store Used to Steal 16.8+ BTC
  • "There is currently a fake Ledger Live app on the official Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen. Scammer address: bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q," reported @ZachXBT.
  • Microsoft removed the malicious app the same day.
  • "Received an ETH/BSC address from a victim that has collected ~$180K in funds from the fake app. This brings the total amount stolen to $768K+," added @zachxbt.
  • "In a post on Reddit, another victim shared how they lost their life savings of $26,500 just a few minutes after typing the seed phrase into the fake Ledger Live app."
"Downloaded a new Ledger app I found on Microsoft Store after reinstalling windows on my computer for about 1-2 hours ago. Had not accessed it through ledger live in a while and was prompted to input my 24 word seed recover phrase. Didn't think more about that since so much had happened with both reinstalling Microsoft OS and Ledger Live App, but... It took a few minutes before I saw all my crypto, $18,5k bitcoin and about $8k alt coins disappear."
  • "Although the fraud was discovered on November 5, Google search results show that the fraudulent Ledger Live Web3 app had been present in the Microsoft Store since October 19, when the legitimate counterpart on Google Play received an update," reported Bleeping Computer.

Announcement / Archive
Bleeping Computer Article / Archive