This fake ledger app on the Microsoft Store may have stolen over half a million dollars worth of crypto

Fake ledger app steals Bitcoin
A fake ledger app is stealing Bitcoin, according to a well-known crypto detective. (Image credit: Bitcoin)

What you need to know

  • A crypto investigator named @ZachXBT posted about the fake ledger app.
  • The app was named Ledger Live Web3.
  • The app was sending the Bitcoin to the scammer's wallet.
  • The scammer made away with at least 16.8 BTC or $588,000.
  • @ZachXBT just replied under the initial tweet saying Microsoft has removed the app.

A scammer was able to get a fake Ledger app called Ledger Live Web3 passed through Microsoft Store's checks and get it published on the store.  

The app was being used to steal people's Bitcoin by asking users to enter in their 12-24 word recovery phrase into the app. This of course gave the scammer access to the user's cryptocurrency. 

You can see the initial post about this by X (Twitter) user @ZachXBT. It is also important to note that while this article was being written, @ZachXBT updated their post with a reply that the Microsoft Store has removed the app. 

How can you protect your cryptocurrency?

Remember that most good or reputable cryptocurrency wallets or ledgers will never ask for your recovery phrase. If you download one that is asking for it, it is highly recommended to not enter that phrase in, as it can have disastrous consequences. This is a very heart wrenching story, as are most scam stories. 

Users across Reddit are explaining that their life savings have been wiped out by this scam. You can see more in this Reddit post by the User Weak-Rice-3545 one day ago saying they lost $26,500 from this fake ledger and it was their entire life savings. This Reddit post clarified that all of their cryptocurrency was stolen, not just their Bitcoin. They lost Bitcoin, Ethereum, and Solana and the user gave the address to which the scammer sent the cryptocurrency.   

Downloaded a new Ledger app I found on Microsoft Store after reinstalling Windows on my computer for about 1-2 hours ago. Had not accessed it through Ledger Live in a while and was prompted to input my 24-word seed recovery phrase. Didn't think more about that since so much had happened with both reinstalling Microsoft OS and Ledger Live App, but... It took a few minutes before I saw all my crypto, $18,5k bitcoin and about $8k alt coins disappear. I understand I will never be able to get this back but can I track them somehow or do anything at all?

Reddit User - Weak-Rice-3545

So, if you have downloaded and used Ledger Live Web3 or any other Cryptocurrency wallet or ledger that asked for your recovery phrase, immediately check your balances and rotate your recovery phrase as soon as possible.

Always be on the lookout for scammers, especially in the clandestine world of cryptocurrency, where everything is anonymous and untraceable. Make sure you understand how your cryptocurrency is protected and look to store portions of it in different wallets as when it is stolen, there is no way to get it back.

Colton Stradling
Contributor

Colton is a seasoned cybersecurity professional that wants to share his love of technology with the Windows Central audience. When he isn’t assisting in defending companies from the newest zero-days or sharing his thoughts through his articles, he loves to spend time with his family and play video games on PC and Xbox. Colton focuses on buying guides, PCs, and devices and is always happy to have a conversation about emerging tech and gaming news.