Fake Ledger Live App on Apple's Mac App Store Steals $9.5 Million in Crypto, ZachXBT Says

A counterfeit Ledger Live app listed on Apple's Mac App Store was used to steal at least $9.5 million in cryptocurrency from more than 50 victims, according to blockchain investigator ZachXBT. The lookalike app, posted under the developer name "Leva Heal Limited" and branded as "LeddgerLĭve," remained available for about two weeks before Apple removed it. ZachXBT said the thefts occurred between April 7 and April 13, affecting Bitcoin, multiple EVM-based networks, Tron, Solana and XRP Ledger. Users were instructed to enter their 24-word recovery phrase directly into the app, giving attackers full control of their wallets. Three victims recorded seven-figure losses: $3.23 million in USDT on April 9, $2.08 million in USDC on April 11, and $1.95 million in a mix of BTC, stETH and ETH on April 8. American musician Garrett Dutton, known as G. Love of G. Love and Special Sauce, lost 5.92 BTC worth about $424,000, which he described as his full retirement savings accumulated over a decade. Stolen funds were funneled through more than 150 KuCoin deposit addresses and linked to AudiA6, a centralized mixing service known for high-fee obfuscation. KuCoin paid more than $300 million to U.S. authorities in January 2025 over AML violations and was later barred from onboarding new EU users by Austrian regulators in February 2026, months after receiving its MiCA license. Ledger CTO Charles Guillemet reiterated that Ledger never asks for seed phrases and advised users to download wallet software only from the company's official website. Apple has not publicly explained how the app cleared its review process.