The Fake Wallet in the App Store — "Official" Doesn't Mean Safe

On April 11, 2026, musician G. Love switched to a new computer and opened the Mac App Store to find Ledger Live, the wallet software he'd been using for years. He found an app with a familiar icon, downloaded it, and followed the prompts — including entering his 24-word seed phrase. Within seconds, his balance was gone. The 5.9 Bitcoin he'd saved over ten years, worth around $420,000, had vanished. That was his retirement fund. He wasn't alone The fake app had been listed since April 7. It took six days before Apple removed it. During that window, on-chain investigator ZachXBT traced at least three victims who each lost over $1.95 million, with one wallet drained of $3.27 million in USDT. The funds were routed through 150+ KuCoin addresses and laundered via a mixing service. By late April, Kaspersky confirmed at least 26 fraudulent wallet apps in the App Store — impersonating MetaMask, Trust Wallet, Coinbase, and others. Some had launched as calculators or games to pass Apple's review, then redirected users to malicious pages after installation. Why the App Store can't catch this App Store review is designed to detect malicious code — not to judge whether a normal-looking interface is being used to steal information. A fake app can behave perfectly during review and change behavior after installation. More fundamentally: Ledger has never published Ledger Live on any consumer app store. Any app in the App Store claiming to be Ledger is not official software. Finding it in a search is not the same as finding the real thing. Once the seed phrase is typed, it's over A seed phrase is the root key to your entire wallet. It can't be reset, and no support team can recover it. Normal use of a hardware wallet never requires entering your seed phrase into any app or website — it appears once during device setup, on the device itself, and should only ever be written down offline. Any operation asking you to type your seed phrase on a screen is, in almost every case, an attack. One habit worth building Before downloading any wallet software, go to the official website first and follow the download link from there. On any App Store listing, check the developer name — Ledger's official developer is listed as "Ledger SAS." Anything else isn't the real app. G. Love said afterward: "It was my own damn fault for not being more diligent. But let it serve as a warning. There's so many scams." The App Store was never a safety net for crypto. It's just another trusted surface — and that's exactly what attackers use.