A fraudulent app on Apple’s App Store has drained $420,000 in Bitcoin from American musician Garrett Dutton, popularly known as “G. Love.”
Summary
- The fraudulent app managed to bypass Apple’s security filters on the App Store to target users of the Ledger self-custody platform.
- A victim surrendered his private recovery phrase to the malicious software after downloading it onto his laptop.
- Blockchain data shows the stolen 5.9 Bitcoin moved to several deposit addresses at the KuCoin exchange shortly after the breach.
According to a series of posts on X, Dutton lost his 5.9 BTC stash after downloading a malicious program disguised as the Ledger Live manager on his new MacBook Neo where he was tricked into entering his seed phrase. The theft wiped out nearly a decade of savings intended for his retirement.
“I had a really tough day,” Dutton shared with his followers, noting that the funds vanished “in an instant.”
“I been in the crypto circus since 2017. Today they caught me off guard. It was my own damn fault for not being more diligent. But let it serve as a warning. There’s so many scams,” he said.
On-chain researcher ZachXBT tracked the stolen assets, revealing they were moved to addresses tied to the KuCoin exchange through nine separate transactions.
While KuCoin acknowledged the situation with a standard customer service response, the incident underscores the growing risk of high-tier app stores hosting predatory software.
Similar impersonation tactics that have plagued the industry for years. In 2023, a similar fake Ledger app surfaced on Microsoft’s store, leading to nearly $600,000 in losses before the company admitted the software had bypassed its internal review process.
Reports from the FBI indicate these types of crimes are on the rise, with total crypto-related losses in the U.S. hitting $11 billion in 2025, a significant jump from the $9 billion reported the year prior.
As previously reported by crypto.news, attackers were also found using physical mail to target hardware wallet owners.
Using contact details leaked in previous data breaches, scammers have been sending official-looking letters on forged letterheads to Trezor and Ledger users. These letters often demand a “mandatory authentication check” and use tight deadlines—such as February 15, 2026—to create panic.
Recipients who scan the included QR codes are directed to malicious sites that request their 12 to 24-word recovery phrases. Once these phrases are entered, the attackers use backend APIs to seize full control of the victims’ wallets.
Both Ledger and Trezor have faced scrutiny regarding the security of their customer databases, as these physical phishing campaigns rely heavily on the exposure of personal contact information from past security breaches.
