G. Love Loses $424K Bitcoin Savings to Fake Ledger App

Dutton has fronted G. Love & Special Sauce since 1994. He held the Bitcoin for about a decade as his retirement savings.

He was setting up a new Mac and searched the App Store for “Ledger Live.” That is the official companion software for Ledger hardware wallets. The app he found looked identical to the real thing.

After installation, the fraudulent program asked for his 24-word recovery seed phrase. Once he entered it, his entire Bitcoin holdings vanished instantly.

How the Fake Ledger App Scam Worked

The scam app replicated the real Ledger Live interface with alarming precision. Specifically, it was listed under the developer name “SAS SOFTWARE COMPANY.” That name closely mimics Ledger SAS, the French company behind the hardware wallet.

Victims typically see urgent messages about “suspicious activity” or “wallet verification.” As a result, these prompts demand immediate seed phrase entry. Once submitted, attackers gain full control of every wallet tied to that seed.

Cybersecurity researchers at Moonlock had already flagged similar Ledger-related malware targeting macOS users in 2025. According to their findings, fake applications often spoof bundle IDs and signatures to appear legitimate.

ZachXBT Traces the Stolen Funds

On-chain investigator ZachXBT quickly confirmed the theft. He traced the stolen 5.92 BTC through nine separate transfers to deposit addresses at KuCoin.

According to ZachXBT’s analysis, the funds were likely laundered through the centralized exchange. He also publicly questioned how the fake app bypassed Apple’s review process.

His investigation revealed that the malicious software used a developer name designed to mimic Ledger’s official identity. ZachXBT also noted attempts to suppress documentation of the incident.

Meanwhile, at least one other victim reportedly lost 4.15 BTC in a similar attack around the same time. As a result, combined known losses now exceed $720,000.

Apple Stays Silent on App Store Failure

Apple has not commented on the fraudulent app as of April 12. In addition, the company has not confirmed whether it removed the fake Ledger app from the Mac App Store.

This silence drew sharp criticism from the crypto community. Many users argue that App Store approvals create a false sense of security. When Apple approves an app, users naturally assume it is safe.

No legal action against the developers or Apple has been announced so far. Because of this gap in accountability, calls for stricter vetting of financial apps across all major platforms are growing.

Ledger’s Longstanding Warnings

Ledger has repeatedly warned users against downloading its software from third-party sources. Instead, the company says to obtain Ledger Live exclusively from ledger.com.

“Ledger will never ask for your 24 words,” the firm has stated in multiple security advisories. Despite these warnings, impostor apps keep appearing on major platforms. They exploit users’ trust in app store gatekeepers.

The core issue comes down to timing. Users face the highest risk during setup or migration. A new device creates a natural moment where convenience can override caution.

How to Protect Your Crypto From Fake Apps

Security experts recommend several steps to avoid similar scams. First, always download wallet software directly from the manufacturer’s official website. Never rely on app store search results for financial tools.

Second, verify app signatures before installation. Third, never enter your seed phrase into any software application. Legitimate wallet providers will never ask for it. Instead, keep seed phrases offline in physical form.

Hardware wallets keep private keys offline. However, that protection breaks down completely if the seed phrase goes to an attacker through a phishing app.

Fake Ledger Apps Are a Growing Problem

This is not an isolated event. Fake crypto apps have appeared on both Apple’s App Store and Google Play over the past several years. In some cases, phishing apps stayed live for weeks before removal.

Because Bitcoin trades near all-time highs, bad actors are refining their social engineering tactics. They target the user interface layer rather than blockchain code itself.

Consequently, the crypto industry continues to push for better education and stricter platform accountability. Incidents like this one show that centralized gatekeepers still play a flawed role in the ecosystem.

What Comes Next

Dutton has not shared details about recovery efforts. However, the public nature of his disclosure may help raise awareness and prevent similar losses.

Investigations into the fake Ledger app continue. The case will likely prompt calls for better vetting of financial apps across all major stores. For now, the message from security advocates is clear: verify twice, trust official sources only, and never share your seed phrase.

This is not financial advice. Always conduct your own research before making cryptocurrency decisions.