Multiple cryptocurrency users have lost approximately $9.5 million after a fake Ledger Live app on the macOS App Store drained their funds.
The world of cryptocurrency has always carried significant risks, and even iPhone and iPad users aren't immune to its dangers. Now and then, malicious actors find ways to steal money, be it via outright hacking or through a cams designed to drain cryptowallets.
In April 2026, Mac users were hit with the latter after downloading a fake version of the Ledger Live app from the macOS App Store. The fake app was submitted by the publisher "Leva Heal," which has nothing to do with Ledger SAS, the owner and developer of the real Ledger Live app.
As BleepingComputer points out, the malicious Ledger Live app tricked 50 macOS users into giving away their seed and recovery phrases, which let bad actors take their funds in a matter of days.
Between April 8 and April 11, three victims ended up losing more than a million dollars each, the exact amounts being $3.23 million, $2.08 million, and $1.95 million.
In total, the thieves were able to take around $9.5 million before Apple finally removed the app in question from the macOS App Store.
Blockchain investigator ZachXBT explained that the scammers used several wallet addresses to receive funds in multiple cryptocurrencies, such as Bitcoin, Ethereum, Tron, Solana, and Ripple.
From these wallet addresses, the funds were then laundered via more than 150 deposit addresses on the KuCoin platform. This was allegedly conducted with the help of a laundering service known as "AudiA6."
However, the KuCoin platform has frozen the accounts allegedly involved in the cryptocurrency laundering scheme. The accounts are only frozen until April 20, unless authorities ask for an extension, which seems likely.
KuCoin is no stranger to controversy, as in February 2026, Austrian regulators banned the platform from enrolling new users based in the European Union. As CoinDesk points out, KuCoin has also settled anti-money laundering violations in 2025, when it paid US authorities more than $300 million.
24 words should be kept secret
Ledger's Chief Technology Officer Charles Guillemet said in a statement to The Block that the real app "will never ask for your 24 words."
"If anyone, or any app, is asking for your 24 words, assume something is wrong," added Guillemet. "The only protection that holds is keeping your private keys on a dedicated hardware device with a secure screen, like a Ledger signer, and never entering your seed phrase into any app or website."
In this case, "24 words" refers to the Ledger 24-word recovery phrase, also known as a seed phrase. It's a unique list of words, created during the initial setup process, which serves as the master backup for a user's private keys.
While the Ledger Live platform has more than 1.5 million active users worldwide as of 2023, only 50 of them were fooled by the fake macOS app. It remains to be seen if the victims will ever be reunited with their $9.5 million.
For most cryptocurrency and Mac users, though, there's ultimately little cause for alarm. That is, unless you downloaded your copy of Ledger Live from the macOS App Store, in which case AppleInsider suggests you delete it.
The official Ledger Live macOS app, now known as Ledger Wallet, is available on the Ledger SAS website. It's best to download it from the official website if you want to keep your cryptocurrency safe.
Apple has emailed about this story, repeating common talking points that are repeated whenever App Store review lets something like this slip by.
