Fake macOS crypto app stole $9.5M

A malicious macOS app posing as Ledger Live was published to Apple’s App Store and reportedly drained about $9.5 million from users before Apple removed it. The incident highlights a high‑profile App Store breach tied to authenticity and review failures. (coindesk.com, macrumors.com)

A fake Ledger Live app for macOS appeared in Apple’s App Store and users lost about $9.5 million before Apple pulled it. (coindesk.com, macrumors.com) CoinDesk reported the losses hit more than 50 victims between April 7 and April 13, 2026, across Bitcoin, Ethereum, Solana, Tron and Ripple’s XRP. MacRumors said Apple removed the app after the report. (coindesk.com, macrumors.com)

The scam worked by asking users for a 24-word recovery phrase, which is the master key to a crypto wallet. Ledger says any app or site that asks for that phrase is fake, and the real Ledger Live app is downloaded from Ledger’s website, not the Mac App Store. (support.ledger.com, support.ledger.com)

A recovery phrase is enough to rebuild a wallet on another device, so anyone who types it into a counterfeit app can hand over full control of their funds. Ledger says users should never enter the phrase into computer software at all. (support.ledger.com, support.ledger.com)

The case cuts against Apple’s pitch that the App Store is a curated storefront where every app is reviewed and scanned for malware. Apple’s App Review Guidelines say the company reviews apps for safety, security and privacy, and bars developers from using another company’s brand or product name without permission. (developer.apple.com, developer.apple.com)

Ledger has spent months warning customers about counterfeit wallet apps and phishing campaigns that mimic its branding. Its support pages tell users to delete any fake app immediately and move funds after creating a new recovery phrase if the old one was exposed. (support.ledger.com, ledger.com)

Mac users have long treated the App Store as a safer channel than random downloads, which is why a fake wallet inside Apple’s own store is so damaging. In this case, the safest rule was the oldest one in crypto: never type a wallet’s recovery phrase into any app that asks for it. (macrumors.com, support.ledger.com)
