Fake Ledger Live app sneaks into Microsoft’s app store, $588K stolen

189
SHARES
1.5k
VIEWS

Related articles


Virtually $600,000 in Bitcoin (BTC) has been stolen from customers who downloaded a faux Ledger Stay software on Microsoft’s app retailer, according to cryptocurrency sleuth ZachXBT.

The on-chain analyst noticed the rip-off, “Ledger Stay Web3” on Nov. 5, which is tricking customers into considering that they’re downloading “Ledger Stay” — a consumer interface for Ledger {hardware} wallets to retailer cryptocurrency offline.

Roughly 16.8 BTC price $588,000 has been obtained by the scammer throughout 38 transactions utilizing pockets tackle, “bc1q….y64q,” according to Blockchain.com. About $115,200 has left the scammer’s pockets throughout two transactions, leaving it with $473,800 or 13.5 BTC.

In a observe up publish, ZachXBT noted that Microsoft might have eliminated the faux Ledger Stay app from its platform.

The primary transaction despatched to the scammer’s pockets tackle passed off on Oct. 24, price $5,210. Previous to that, the pockets hadn’t been used. Most of those transactions have taken place since Nov. 2, with the most important switch totaling $81,200 on Nov. 4.

A search by Cointelegraph discovered the faux “Ledger Stay Web3” software appeared in Microsoft’s app retailer as early as Oct. 19.

The faux “Ledger Stay Web3” app on Microsoft Apps. Supply: Microsoft

ZachXBT mentioned they’ve obtained two messages from victims on Nov. 4 and even argued that Microsoft “needs to be held liable” for permitting the faux Ledger Stay app to look in its app retailer.

Associated: Ledger hardware wallet rolls out cloud-based private key recovery tool

It isn’t the primary time a faux Ledger Live app has made its manner into Microsoft’s app retailer both.

Ledger’s assist account on X (previously Twitter) knowledgeable its customers a few faux Ledger Stay app on two separate events in December and March.

Ledger hasn’t commented on the rip-off however has beforehand iterated to customers that the “solely protected place” to obtain Ledger Stay is from its web site, ledger.com.

Cointelegraph reached out to Microsoft for remark however didn’t obtain an instantaneous response.

Journal: ‘Account abstraction’ supercharges Ethereum wallets: Dummies guide