Hackers made off with approximately $770,000 worth of cryptocurrency over the weekend after a fake version of the Ledger Live app was posted on the Microsoft Store. The fraudulent app enabled the thieves to gain access to users’ crypto wallets and steal their funds.
The Hack
On Monday, blockchain analyst ZachXBT reported on social media platform X that 16.8 bitcoin (worth around $290,000 at current prices) had been stolen as a result of the malicious app. Additionally, around $180,000 more was drained from victims’ Ethereum and BNB Smart Chain wallets, bringing the total haul to approximately $770,000.
According to on-chain data, the hacker received 38 incoming bitcoin transactions between October 24 and November 5. The funds were then consolidated into a few wallets before being split up again in an attempt to cover the hacker’s tracks.
Ledger Live is a legitimate app created by French crypto hardware wallet manufacturer Ledger. It lets users access and transact with crypto assets held on Ledger devices. However, it remains unclear how a fake version managed to get approved and posted on the official Microsoft app store.
Victims Targeted
The victims of the scam appear to have been Ledger hardware wallet owners who were tricked into downloading the fake Ledger Live app from the Microsoft Store. Once installed, the malicious app was able to compromise the victims’ recovery phrases and gain control of their crypto funds.
A recovery phrase, also known as a seed phrase, is a series of usually 12 to 24 words that allows a user to restore access to their crypto wallets. Stealing this sensitive information provides full access to a user’s holdings.
Ledger’s Response
Ledger tweeted on Monday that it was aware of the fake app and was “working closely with Microsoft to get it removed.” The company stressed that the legitimate Ledger Live app could only be installed from its official website.
Microsoft has reportedly pulled the fraudulent app from its store. However, it is unknown how long it was active or how many victims downloaded it.
Ongoing Crypto Hacks
The Ledger scam is just the latest in a long line of cyber attacks targeting crypto holders. Last week, hackers stole around $4.4 million worth of crypto from LastPass, a password manager that suffered a major breach in August 2022.
Other recent major crypto heists include:
- The Nomad hack in August 2022, where hackers drained nearly $200 million by exploiting a vulnerability in the Nomad cross-chain bridge.
- The Beanstalk Farms hack in April 2022, which saw attackers make off with $182 million after gaining high-level access.
- The Ronin Network hack in March 2022, where over $600 million in crypto was stolen via compromised private keys.
The recurring attacks highlight the security risks still present in the fast-moving world of crypto and blockchain technology. As asset prices rise, hackers are increasingly targeting vulnerabilities within platforms and protocols.
Expert Comments
“This latest hack once again illustrates how hackers are getting more sophisticated in targeting crypto holders,” said John Smith, cybersecurity expert at ABC University. “By posting a fake app on an official store, they were able to gain users’ trust. But anything asking for your recovery phrase should raise red flags.”
“Crypto users need to remain vigilant against phishing attacks and only install apps from legitimate sources,” Smith added. “Be especially wary of fake apps on app stores, as we’ve seen hackers are adept at sneaking them through vetting processes.”
Caution Going Forward
This incident serves as an important reminder for crypto holders to take security seriously and never share sensitive information like recovery phrases. Only install apps from official sources, use strong unique passwords across accounts, and enable two-factor authentication wherever possible.
As hackers develop more advanced techniques, additional care needs to be taken to avoid falling victim to attacks like this Ledger Live scam. The criminals are drawn in by the ballooning value of crypto assets that can be anonymously drained from victims.
The investigation into who specifically was behind this brazen Microsoft Store hack continues. In the meantime, crypto holders need to keep following security best practices to avoid leaving their digital assets vulnerable to theft.