Microsoft recently removed a fake Ledger Live app from its Microsoft App Store after hackers got away with more than $768,000 worth of cryptocurrency assets.

On November 5, 2023, blockchain researcher and crypto investigator ZachXBT brought the issue to light and warned the cryptocurrency community about the fraudulent app.

In a post uploaded on the X platform, ZachXBT firmly mentioned the existence of a fake crypto wallet management app titled “Ledger Live Web3”. This fake app imitates the authentic user interface for Ledger hardware wallets and tricks users into thinking that it is the original Ledger Live app.

 

According to ZachXBT, the scammer’s Bitcoin address (bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q) collected approximately 16.8 Bitcoins via 38 transactions totaling around $588,000 from unsuspecting users, with $115,200 already transferred out of the scammer’s wallet.

On further investigation, it was found that an additional address (0x089Ecf0703B8E85183F29725f87da40AE488b7B9) associated with the scheme collected roughly $180,000 across the Ethereum (ETH) and BSC from the fake app, bringing their total loot to $768,000.

 

The first transaction of roughly $5,210 to the scammer’s wallet address occurred on October 24, with most of the transactions taking place after November 2, with the largest single transaction amounting to $81,200 on November 4th.

As soon as the issue was publicly highlighted on November 5, 2023, Microsoft responded immediately by removing the fraudulent app from its App Store. Also, the fake app’s dedicated page on Microsoft’s official website is no longer accessible. The fake Ledger Live app had reportedly been active in the Microsoft App Store since October 19, 2023.

When BleepingComputer reached out to Microsoft to question their screening process for submitted apps, a spokesperson for the company responded by saying that Microsoft is “continually working to ensure malicious content is identified and taken down quickly.”

This is not the first time that a fake Ledger Live app has appeared on Microsoft’s App Store, as Ledger’s official customer service account had previously issued warnings in December and March about counterfeit apps and iterated to users that the “only safe place” to download Ledger Live is from its official site, ledger.com.