Fake Ledger app steals crypto

A fake Ledger Live app got onto Apple’s Mac App Store and drained about $9.5 million in cryptocurrency from more than 50 victims before Apple removed it. (coindesk.com) CoinDesk, citing onchain investigator ZachXBT, reported the losses hit users across Bitcoin, Ethereum, Solana, Tron and XRP between April 7 and April 13. Decrypt reported one victim was musician G. Love, who said he lost 5.92 Bitcoin after downloading the app. (coindesk.com) (decrypt.co) Ledger Live is the desktop software people use to manage Ledger hardware wallets, which are physical devices meant to keep crypto keys offline. The scam worked by copying that trusted brand inside Apple’s store, where Apple says every app is reviewed for safety, security and privacy. (decrypt.co) (developer.apple.com) Apple’s own App Review page says it reviews apps, updates, bundles, in-app purchases and in-app events, and says 90% of submissions are reviewed in less than 24 hours. The fake Ledger app’s approval has renewed scrutiny of how that review system handles impersonation and financial fraud. (developer.apple.com) A separate report published April 15 said Apple also privately warned xAI in January that Grok could be removed from the App Store unless it curbed nude and sexualized deepfakes. MacRumors, citing an Apple letter obtained by NBC News, said Apple found both X and Grok in violation of App Store rules and rejected an initial moderation fix from xAI. (macrumors.com) (moneycontrol.com) Apple’s App Review Guidelines say the App Store is meant to provide a “safe experience” and that Apple scans apps for malware and other software that could affect user safety, security and privacy. Apple also says apps must keep changing to remain on the store as the guidelines evolve. (developer.apple.com) MacRumors reported Apple eventually approved a later Grok submission after more back-and-forth with xAI, but NBC News found users could still generate similar sexualized images by changing their prompts. After NBC News published its report, X said it prohibits non-consensual explicit deepfakes and uses prompt filters, monitoring and model updates to block abuse. (macrumors.com) The two episodes land in the same week: one involved a fake finance app slipping through review, the other involved an artificial intelligence app staying up after private warnings and revisions. Apple removed the Ledger clone, while Grok remained available after xAI made changes Apple considered sufficient for approval. (coindesk.com) (macrumors.com) For users, the immediate lesson is that App Store placement did not stop a wallet impersonation scam, and private enforcement did not fully settle questions around Grok’s image safeguards. Both cases now sit against Apple’s central claim that its review process makes the App Store safer than the wider internet. (developer.apple.com) (coindesk.com) (macrumors.com)