Fake Ledger Live App in Microsoft Store Steals $768,000 from Users

Microsoft has removed a fraudulent Ledger Live app from its store after several users lost cryptocurrency assets totaling at least $768,000. The fake app, published under the name Ledger Live Web3, appeared in the Microsoft Store on October 19, 2023, but reports of stolen crypto only began surfacing last week.

Blockchain analyst ZachXBT was among the first to warn the crypto community about the threat. On November 5, he alerted users that a fake app in the Microsoft Store had already stolen nearly $600,000 from those who installed it. The exact number of victims is unknown, but ZachXBT reported receiving messages from several people who lost their crypto after installing the counterfeit Ledger Live app.

One victim shared their experience on Reddit, explaining how they lost $26,500 just minutes after entering their seed phrase into the fake app:

“A few hours ago, I downloaded a new Ledger app I found in the Microsoft Store after reinstalling Windows on my computer. I hadn’t used Ledger Live in a while, and the app prompted me to enter my 24-word seed phrase. I didn’t think much of it, given everything that had happened with reinstalling Microsoft OS and the Ledger Live app, but… Within minutes, I saw all my crypto—$18,500 in Bitcoin and about $8,000 in altcoins—disappear,” the user recounted.

Microsoft responded quickly to ZachXBT’s warning and removed the app from the store the same day. However, by that time, the scammers had already stolen over $768,000 from victims.

Obvious Red Flags in the Fake App

The scammers did not make much effort to make their fake app look legitimate. The Microsoft Store page for the app displayed several warning signs. For example, the app’s description was almost entirely copied from the real Ledger Live app in the Apple App Store. It had only one rating, and the developer’s name was listed as “Official Dev.”

The criminals behind the scheme also created a GitBook page for their fake app at ladgerlivlugio[.]gitbook.io/us/. The page advertised the app as an official Ledger product available through the Microsoft Store, but it looked nothing like the real Ledger Live website.

Questions About Microsoft Store’s App Review Process

Given all the warning signs indicating possible fraud, it’s unclear how the scammers managed to publish their app in the Microsoft Store at all. ZachXBT believes that Microsoft’s official app review process is not effective enough to prevent such incidents.