Fake Ledger Live app in Microsoft Store steals $768,000 in crypto

Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.

Published with the name Ledger Live Web3, the fake application appears to have been present in the Microsoft Store since October 19 but the cryptocurrency theft started being reported just a couple of days ago.

Red flags all over

Blockchain enthusiast ZachXBT alerted the cryptocurrency community on November 5 of a fraudulent Ledger Live application in the Microsoft Store that stole almost $600,000 from users who installed it.

Microsoft reacted on the same day and removed the app from the store but the fraudster had already transferred more than $768,000 from victims.

Image: Fake Ledger app steals almost $600,000 (source: ZachXBT)

The fraudster did not spend much effort in making the fake Ledger Live app appear legitimate, though. Looking at the entry in the Microsoft Store, there are sufficient red flags to raise suspicion.

Beyond the description, which was copied almost word for word from the legitimate app in the Apple Store, the app had only one five-star rating when it was taken down, and the fraudster used “Official Dev” for the developer name.

Image: Fake Ledger app on Microsoft App Store (source: ZachXBT)

It is unclear how many Windows users fell victim to the fake version of Ledger Live on the Microsoft Store, but ZachXBT received messages from multiple victims who had lost cryptocurrency after installing the fake app.

A second cryptocurrency wallet used for the scam had collected about $180,000 from victims.

In a post on Reddit, another victim shared how they lost their life savings of $26,500 just a few minutes after typing the seed phrase into the fake Ledger Live app.

“Downloaded a new Ledger app I found on Microsoft Store after reinstalling Windows on my computer about 1-2 hours ago. Had not accessed it through Ledger Live in a while and was prompted to input my 24 word seed recovery phrase. Didn't think more about that since so much had happened with both reinstalling Microsoft OS and Ledger Live App, but... It took a few minutes before I saw all my crypto, $18,5k bitcoin and about $8k alt coins disappear”

Although the fraud was discovered on November 5, Google search results show that the fraudulent Ledger Live Web3 app had been present in the Microsoft Store since October 19, when the legitimate counterpart on Google Play received an update.

Image: Fake Ledger Live app in the Microsoft Store since October 19 (source: BleepingComputer)

Whoever is behind the scam also created a page for the app using the GitBook documentation management platform and hosted it at ladgerlivlugio[.]gitbook.io/us/.

The page promotes the app as being an official Ledger product that is available through the Microsoft Store, although it is far from a lookalike of the legitimate Ledger Live page.
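The red flags described above (a near-copied description, a single rating, a generic developer name and a misspelled brand in the promotional host) can be checked mechanically. The following is an added example, not code from BleepingComputer, ZachXBT or Microsoft; the reference record, field names, generic-word list and thresholds are assumptions, and the sample listing is constructed from the details the article reports.

```python
from difflib import SequenceMatcher

# Constructed reference record for the genuine product (assumed values, not from the article).
OFFICIAL = {
    "brand": "ledger",
    "publisher": "Ledger SAS",
    "description": "Ledger Live is the companion app for your Ledger hardware wallet. "
                   "Buy, swap and manage your crypto securely in one place.",
}
GENERIC_PUBLISHER_WORDS = {"official", "dev", "developer", "team", "verified"}  # assumed list

# Constructed listing modelled on the details the article reports.
SUSPECT = {
    "name": "Ledger Live Web3",
    "publisher": "Official Dev",
    "rating_count": 1,
    "description": OFFICIAL["description"].replace("one place", "one app"),
    "related_hosts": ["ladgerlivlugio[.]gitbook.io"],  # hypothetical field name
}

def lookalike_brand(host, brand):
    """True if a host label contains a one-character substitution of the brand."""
    for label in host.lower().replace("[.]", ".").split("."):
        if brand in label:
            continue  # the real brand string is present; not a misspelling
        for i in range(len(label) - len(brand) + 1):
            window = label[i:i + len(brand)]
            if sum(a != b for a, b in zip(window, brand)) == 1:
                return True
    return False

def listing_red_flags(listing, official=OFFICIAL):
    """Return the red flags raised by a store listing, as a list of short names."""
    flags = []
    other_publisher = listing["publisher"].strip().lower() != official["publisher"].lower()
    ratio = SequenceMatcher(None, listing["description"].lower(),
                            official["description"].lower(), autojunk=False).ratio()
    if other_publisher and ratio >= 0.9:  # assumed threshold for "copied"
        flags.append("copied_description")
    if other_publisher and official["brand"] in listing["name"].lower():
        flags.append("brand_in_name_from_other_publisher")
    if set(listing["publisher"].lower().split()) <= GENERIC_PUBLISHER_WORDS:
        flags.append("generic_publisher_name")
    if listing["rating_count"] <= 1:
        flags.append("almost_no_ratings")
    if any(lookalike_brand(h, official["brand"]) for h in listing.get("related_hosts", [])):
        flags.append("lookalike_host")
    return flags
```

Each flag is a signal for manual review rather than a verdict; the substitution check in particular will also match unrelated words that happen to differ from the brand by one letter.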

Given all the signals that point to a possible scam, it is uncertain how the fraudster managed to publish the app in the Microsoft Store. ZachXBT believes that the vetting process is not thorough enough.

BleepingComputer reached out to Microsoft for a comment about the screening process for submitted apps and a spokesperson said that the company is “continually working to ensure malicious content is identified and taken down quickly.”

Although the financial losses may not look like much when compared to the millions stolen in recent cryptocurrency heists, the amount the fraudster made is impressive when considering the simplicity of the scam.
