Blockchain investigator ZachXBT said a fraudulent Ledger Live application listed on the Apple App Store was linked to a roughly $9.5 million cryptocurrency theft affecting more than 50 victims across multiple blockchains, including Bitcoin, multiple EVM networks, Tron, Solana and Ripple.
The funds were drained between Apr. 7 and Apr. 13, according to ZachXBT, who flagged the incidents in a Telegram post on Tuesday. Apple has since removed the malicious application from the App Store, he added.
Three of the largest reported victims lost seven-figure sums, including $3.23 million in USDT, $2.079 million in USDC, and $1.95 million in combined assets consisting of 20.64 BTC, 211 stETH and 70 ETH.
Similar attacks
The incident is the latest in a series of security breaches involving impersonation apps on the Apple App Store. On Apr. 12, American musician Garrett Dutton, known as G. Love, reported the loss of 5.9 BTC after entering his recovery phrase into a similar fraudulent application.
Ledger has warned that official app stores can host fraudulent applications designed to steal user funds. The company urges customers to download its wallet software only from its official website.
"Ledger will never ask for your 24 words," Ledger Chief Technology Officer Charles Guillemet said in a statement shared with The Block on Monday. "If anyone, or any app, is asking for your 24 words, assume something is wrong. The only protection that holds is keeping your private keys on a dedicated hardware device with a secure screen, like a Ledger signer, and never entering your seed phrase into any app or website. Your 24 words are your wallet."
ZachXBT noted the stolen assets were routed through more than 150 deposit addresses on KuCoin tied to AudiA6, described by the investigator as a centralized mixing service used to launder illicit proceeds for “high fees." He added that KuCoin has seen a rise in illicit flows over the past year. In a separate investigation, he traced roughly 54 BTC, valued at about $3.7 million, stolen from Bitcoin Depot to KuCoin wallets.
The attack comes amid heightened regulatory pressure on the Seychelles-based exchange. KuCoin previously paid more than $300 million in fines to the U.S. government in January 2025 to settle charges related to Anti-Money Laundering violations. More recently, in February, Austrian regulators prohibited the exchange from onboarding new European Union users, despite the firm receiving its MiCA permit last November.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures. © 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.