Almost $600,000 in Bitcoin has been stolen from users who downloaded a fake Ledger Live application from Microsoft’s app store. The scam, called “Ledger Live Web3,” mimics the legitimate “Ledger Live” interface used for Ledger hardware wallets to store cryptocurrency offline.
The scammer received approximately 16.8 BTC, equivalent to $588,000, across 38 transactions. A total of $115,200 was moved out of the scammer’s wallet in two transactions, leaving a balance of $473,800 or 13.5 BTC. The first transaction to the scammer’s wallet occurred on October 24 for $5,210, and most of the transactions took place since November 2, with the largest transfer amounting to $81,200 on November 4.
Microsoft may have removed the fake Ledger Live app from its platform in response to the incident. A search revealed that the fake “Ledger Live Web3” application appeared in the Microsoft app store as early as October 19.
The analyst who discovered the scam argued that Microsoft should be held liable for allowing the fake Ledger Live app to be listed in its app store. It’s worth noting that this isn’t the first time a fake Ledger Live app has infiltrated Microsoft’s app store.
Ledger has previously cautioned users that the “only safe place” to download Ledger Live is from its official website, ledger.com.
Users are advised to exercise caution and verify the legitimacy of applications and downloads, especially when dealing with cryptocurrency-related software.