HQ/EMEAFind out how we can help your business
A fake Ledger Live app has breached the Microsoft Store, which impacted cryptocurrency fanatics and cost them $768,000 in digital assets.
The malicious app allegedly disguised itself as a Ledger Live Web3 app, slipped through the Microsoft Store on October 19 and executed its crypto theft operation a few days ago.
The vigilant blockchain enthusiast who goes by the name ZachXBT reported this malicious incident earlier this month. The reporter uncovered the rogue Ledger Live application and promptly alerted the cryptocurrency community.
Microsoft addressed the situation immediately by removing the fraudulent app from its store. Unfortunately, the fraudulent operation has already succeeded since the fraudster harvested approximately $768,000.
The fake Ledger Live app has exhibited numerous red flags.
According to investigations, the fake Ledger Live app did not use any tactic to appear legitimate. The app’s description had been lifted by the hackers almost precisely from the legitimate version found in the Apple Store. The fake app also displayed just one five-star rating, and the developer’s name was listed as “Official Dev.”
The actual scope of the damage remains uncertain, with no precise tally of how many Windows users fell prey to this fraudulent version of Ledger Live on the Microsoft Store. Messages streamed in from victims who had lost their crypto investments after installing the malicious app. A second cryptocurrency wallet associated with the scam had managed to siphon off around $180,000 from its unsuspecting victims.
A Google search revealed that the fake Ledger Live Web3 app had been residing in the Microsoft Store since October 19, while researchers became aware of it only on November 5.
Furthermore, the scammers have even developed a promotional page for the app using the GitBook documentation management platform, hosting it at the suspicious ladgerlivlugio[.]gitbook.io/us/. This page shamelessly marketed the app as an official Ledger product, available through the Microsoft Store, despite not resembling the genuine Ledger Live page.
As of now, the main question about the incident is how the fraudster slipped the malicious app into the Microsoft Store. Researchers and cryptocurrency users believe the investigation process may need a more thorough renovation to prevent such scams from infiltrating unsuspecting users’ devices.
