GoKawiilA malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month.
Users who downloaded the fake Ledger app were tricked into entering their seed/recovery phrases, thus giving attackers full access to their wallets and allowing them to send digital assets to external addresses under their control.
According to blockchain investigator ZachXBT, the attackers used several wallet addresses to receive funds across multiple chains, including Bitcoin, Ethereum, Tron, Solana, and Ripple.
The stolen amounts were then laundered through more than 150 deposit addresses on KuCoin, linked to a centralized mixing service called “AudiA6,” which launders crypto in exchange for high fees.
Malicious transactions
Source: ZachXBT
The investigator tracked three individual victims losing seven-figure amounts ($3.23 million, $2.08 million, and $1.95 million) between April 8 and April 11.
Musician G. Love stated on X that he also lost 5.9 BTC (currently $430k) after downloading the app. This loss was also traced and confirmed by ZachXBT.
According to a Reddit discussion, the fake app was submitted to the Apple App Store under the publisher name ‘Leva Heal Limited,’ an account not associated with the real Ledger development team.
The malicious actor also created a fake version history by releasing major new versions every few days, going from 1.0 to 5.0 within just two weeks.
... continue reading