A fake Ledger Live app in the App Store enabled hackers to steal at least $9.5 million in cryptocurrency, according to on-chain detective ZachXBT.

On April 13, one victim, Garrett Dutton, frontman of the band G. Love, reported that he lost all his savings of 5.9 BTC (approximately $420,000) accumulated over ten years. He explained that he downloaded the wallet on a new computer and entered his seed phrase, but the software turned out to be fraudulent.

ZachXBT tracked the stolen assets, which were funneled through a series of transactions to the KuCoin exchange. The expert later clarified that this exchange was used by the perpetrators to launder the stolen cryptocurrency.

Want to explain to the community why KuCoin allowed a threat actor to launder $9.5M+ tied to a fake Ledger app via 150+ KuCoin deposit addresses over the past week?

A few days before that another threat actor laundered $3.5M+ from the Bitcoin Depot incident via 25+ KuCoin…

— ZachXBT (@zachxbt) April 14, 2026

“In one week, over $9.5 million was laundered through more than 150 KuCoin deposit addresses linked to the fake Ledger app. Just days earlier, $3.5 million from the Bitcoin Depot hack also passed through 25+ wallets on the platform,” he wrote.

The incident affected more than just the musician; over 50 users across various networks, including Bitcoin, TRON, Solana, and XRP Ledger, also suffered losses.

The phishing campaign ran from April 7 to 13. Among the largest losses were:

  • $3.23 million in USDT;
  • $2.08 million in USDC;
  • $1.95 million in BTC, ETH, and stETH.

In all cases, victims entered their seed phrases into the fake app, giving the attackers full control over their wallets.

ZachXBT also discovered that all deposit addresses on KuCoin linked to the stolen assets were associated with the AudiA6 service, a centralized crypto mixer that charges high fees to obscure illicit flows.

As of this writing, Apple has removed the fake Ledger Live from the App Store, but it remains unclear how this software passed moderation.

The on-chain detective suggested that the corporations could face legal consequences given the scale of the losses.

Ledger did not comment on the incident but reminded users of basic phishing protection rules.

Protecting your digital life starts with staying alert to scams and phishing attempts.

As digital ownership grows, fraud is becoming more sophisticated and more frequent.

Here are a few security reminders to keep top of mind 🧵

— Ledger (@Ledger) April 13, 2026

Q1 Losses

Experts from Hacken calculated that Web3 projects lost $482 million in the first quarter due to hacks and fraud.

Phishing and social engineering attacks dominated the period, with hackers stealing $306 million across 44 incidents.

According to experts, the largest incidents occur not in on-chain code but at the operational and infrastructure levels, which traditional audits often overlook.

Examples cited by analysts include:

  • Phishing that cost the industry $306 million;
  • A fake call from a “venture capitalist” (actually a North Korean hacker) to Step Finance, which cost the project $40 million;
  • Compromise of the AWS key management service at Resolv Labs — $25 million.

Even where smart contracts are to blame, the most costly mistakes often stem from outdated deployments and known vulnerability classes:

  • Truebit lost $26.4 million due to an error in a Solidity contract deployed about five years ago;
  • Venus Protocol suffered from classic price manipulation involving an oracle, a scheme known since 2022.

Audited projects (Resolv — 18 audits, Venus — five) lost $37.7 million. On average, their losses are higher than those of unaudited projects. Protocols with larger TVLs become targets for the most experienced hackers, Hacken noted.

As a reminder, at the beginning of April, the Solana project Drift Protocol lost $280 million. Experts linked the hack to the Lazarus group from North Korea.