A fake Ledger Live app surfaced on the official Microsoft app store, resulting in over $768,000 being stolen before its removal, according to crypto sleuth ZachXBT. The scam wallet received nearly 17 Bitcoin from victims.
The fake Ledger Live app exploited the Microsoft Store’s credibility to lend legitimacy to an elaborate phishing scam. The ploy demonstrates the constant threats targeting crypto asset security.
Scam mimics genuine Ledger software
By uploading a fake Ledger Live app on Microsoft’s authentic storefront, the scam achieves a veneer of legitimacy that deceives users into trusting it.
The app likely mimicked the real Ledger interface to dupe victims into entering wallet seed phrases or other sensitive account details.
The hacker wallet identified by ZachXBT received 16.8 Bitcoin worth around $588,000 from victims of the Microsoft Store Ledger scam.
An associated Ethereum wallet contained another $180,000 in stolen funds. In total, losses exceeded $768,000 at the time of reporting.
Microsoft store removes the fake app
According to ZachXBT, Microsoft eventually took down the fraudulent Ledger Live app after being alerted. However, the scam had already managed to inflict major losses.
The tech giant’s trusted platform gave the fake app implied validity, leading more users to fall prey.
On-chain data indicates the hacker wallet received 38 total Bitcoin transfers between October 24 and November 5. The hacker then moved the stolen funds through numerous wallets in an effort to hide the money trail.
The Microsoft Store scam exemplifies the never-ending threats targeting crypto holders. Even savvy users can be fooled by sophisticated fakes of authentic apps and sites.
The Ledger case also demonstrates the need for platforms to aggressively vet apps for fraud before making them available. Crypto users should always double-check domains and be exceedingly cautious of where they enter sensitive data.