Fake Ledger Live App Incident

Between April 7 and 13, 2026, a malicious app impersonating Ledger Live appeared on the Apple App Store. It was published under a shell developer account called "Leva Heal" — completely unrelated to Ledger — but looked nearly identical to the real application. Over 50 users downloaded it, entered their seed phrases when prompted, and had their wallets drained within minutes. Total losses exceeded $9.5 million across Bitcoin, Ethereum, Solana, Tron, and XRP. Three victims each lost over a million dollars. One musician posted online: "I lost my retirement fund. Ten years of Bitcoin. Gone in an instant." Apple removed the app after six days. The developer account was terminated. No public explanation was given for how it passed review. What this reveals The App Store's review process is not a guarantee of safety. The attackers did not exploit any code vulnerability. They exploited trust — specifically, the widespread assumption that anything listed on the App Store has been verified and is safe to use. What made this especially effective is that the real Ledger Live app is not available on the Mac App Store at all. It can only be downloaded from Ledger's official website. Most victims had no idea. What users should know Before downloading any Web3-related app, check the official website to confirm the correct download source If any app asks for your seed phrase, stop immediately — no legitimate app ever needs it Verify the developer name matches what the official company publicly states Being listed on the App Store does not mean an app is official or safe Your seed phrase is the only key to your assets. Any place that asks for it is a dangerous place — no matter how official or trustworthy it appears.