GoKawiilJust as CoinDesk reported that a fake Ledger app had drained millions from App Store users, TechCrunch revealed that another app had been harvesting sensitive user data. Apple pulled both today. Here are the details.
Fake scan app stole funds from at least 50 users
According to CoinDesk, at least 50 people had their Bitcoin, Ethereum, Solana, Tron, and XRP funds stolen between April 7 and April 13, after a malicious app called Ledger Live slipped through review and landed on the App Store.
Three of the largest victims lost seven-figure sums, with $3.23 million in USDT being stolen on April 9, $2.08 million of USDC on April 11 and $1.95 million in BTC, ETH and stETH being drained on April 8.
The report says that the funds were traced to KuCoin deposit addresses associated with Audi A6, “a centralized crypto mixing service known for charging high fees to obfuscate illicit flows.”
CoinDesk says Apple removed the app from the App Store, but didn’t respond to requests for comment. Neither did KuCoin, which has faced legal troubles associated with money laundering violations.
It is not immediately clear how Ledger Lite got past app review, nor why Apple didn’t take action when the first reports of stolen funds began appearing after April 7.
CoinDesk’s report notes that “the incident may form the basis for a class-action lawsuit,” according to Blockchain investigator ZachXBT.
A rough day for App Store review
The Ledger Live case wasn’t the only one to raise App Store concerns today.
... continue reading