Apple has removed a fraudulent crypto wallet app from the Mac App Store after it was linked to roughly $9.5 million in stolen funds. The app impersonated Ledger Live and targeted Mac users, tricking them into handing over access to their cryptocurrency wallets over a short window between April 7 and April 13, 2026.
The incident highlights a critical gap in App Store review, especially as crypto scams continue to evolve. More than 50 users were affected, with several losing seven-figure amounts. The attackers relied on a simple but effective tactic that bypassed technical safeguards by exploiting user trust in official app marketplaces.
The fake app mimicked the legitimate Ledger Live experience but introduced a key difference. It prompted users to enter their 24-word seed phrase during setup. This is something the real Ledger app never requests. Once entered, attackers gained full control of the victims’ wallets and drained funds almost instantly.
Blockchain investigator ZachXBT traced the stolen assets across multiple networks, including Bitcoin, Ethereum, Solana, Tron, and XRP. The funds were funneled through more than 150 deposit addresses on the KuCoin exchange and then routed into a mixing service known as AudiA6, which is used to obscure transaction trails.
Three of the largest reported losses included $3.23 million in USDT, $2.08 million in USDC, and nearly $2 million in combined crypto assets. These unusually large individual losses suggest that even experienced users fell for the scam, likely due to the app’s presence on Apple’s official storefront.
Ledger has reiterated that its software should only be downloaded from its official website. The company has consistently warned that it never asks users to enter their recovery phrase in any app or interface. The seed phrase is meant to remain offline and should only be used directly on a hardware device for recovery.
Apple has not commented on how the app passed its review process or why it remained available for nearly two weeks. The company removed the listing after reports surfaced, but the delay has raised concerns about platform accountability. Some observers, including ZachXBT, have suggested the case could lead to legal action given the scale of losses.
This is not an isolated incident. Fake apps and impersonation tactics have appeared on major app stores before, often re-emerging under different developer accounts. The combination of trusted distribution channels and social engineering continues to make these scams effective, even without sophisticated malware.
For users, the takeaway is straightforward. No legitimate crypto wallet app will ever ask for a seed phrase during setup. Entering it into any app, regardless of where it is downloaded from, effectively hands over full control of the wallet.
(via CoinDesk)
