ForkLog

Fraudsters Steal $9.5 Million via Fake Ledger App in App Store

A counterfeit Ledger Live app in the App Store enabled hackers to steal cryptocurrency worth at least $9.5 million, according to on-chain detective ZachXBT. 

On April 13, one victim, G. Love frontman Garrett Dutton, revealed that he lost all his savings of 5.9 BTC (about $420,000) accumulated over 10 years to this scheme. He explained that he downloaded the wallet on a new computer and entered the seed phrase, only to find the software was fraudulent. 

ZachXBT traced the stolen assets, which were moved through a series of transactions to the KuCoin exchange. The expert later clarified that the perpetrators used this platform to launder the stolen cryptocurrency. 

“Over the past week, $9.5 million stolen through a fake Ledger app was laundered via more than 150 KuCoin deposit addresses. A few days earlier, $3.5 million from the Bitcoin Depot hack was moved through 25+ wallets on the platform,” he wrote. 

The incident affected more than just the musician. Over 50 users across various networks, including Bitcoin, TRON, Solana, and XRP Ledger, were also victimized. 

The phishing campaign ran from April 7 to 13. Among the largest losses were: 

In all cases, victims entered their seed phrase into the fake app, giving perpetrators full control over their wallets.

ZachXBT also discovered that all deposit addresses on KuCoin, through which the stolen assets were moved, are linked to the AudiA6 service. This is a centralized crypto mixer that charges high fees for concealing illicit flows. 

At the time of writing, Apple has removed the fake Ledger Live from the App Store. However, it remains unclear how this software passed moderation. 

The on-chain detective suggested that the corporation might face legal consequences given the scale of the losses. 

Ledger did not comment on the incident. However, the wallet team reminded users of basic phishing protection rules. 

First Quarter Losses 

Experts at Hacken calculated that in the first quarter, Web3 projects lost $482 million due to hacks and fraud. 

During the reporting period, phishing and social engineering attacks dominated. As a result of 44 incidents, hackers stole $306 million. 

Source: Hacken. 

According to experts, the largest incidents occur not in on-chain code but at the operational and infrastructure levels, which traditional audits almost never cover.

Analysts cited examples such as: 

Even where smart contracts are to blame, the most costly mistakes often involved old deployments and known vulnerability classes:

Audited projects (Resolv — 18 audits, Venus — five) lost $37.7 million. On average, their losses are higher than those of projects without audits. Protocols with a large TVL become targets for the most experienced hackers, noted Hacken. 

Earlier in April, Solana project Drift Protocol lost $280 million. Experts linked the hack to the Lazarus group from North Korea. 
