
Alarming case of cryptocurrency theft through fake Ledger Live app - More than 16.8 BTC lost


zonadigital21 (2.4 K) · 6 months ago · 6 min read

Recently a disturbing case of theft of almost $600,000 in Bitcoin from users who downloaded a fake Ledger Live app from Microsoft's app store has been uncovered. And as a good user interested in the latest news in the crypto world, I decided to investigate what happened with all this mess.

I know many users probably took no interest in this, because not all of us use Ledger services, but it still leaves a lot to think about. What had to happen finally happened, as it has with many other wallets from different services. Let's look at it in more depth; I will tell you in advance that it is important to be more cautious in the world of cryptocurrencies.
 


 https://i.imgur.com/Ir293lI.jpg
 


 

Table of contents for this article:

♦ What is Ledger?

♦ The cunning scam.

♦ The scam is uncovered.

♦ What happened to the stolen funds.

♦ Microsoft Responsibility

♦ Ledger was not guilty.


 

https://files.peakd.com/file/peakd-hive/zonadigital21/48WgzwAeJepAXtnsqU95hHc8YYuRL7xoM4zewUrpr3wWxtiBJSusB6NsqwsiG1oA1d.png
 
Designed in Canva

What is Ledger?

In the world of cryptocurrencies, security and control of your digital assets are paramount.

And this is where the Ledger Hardware Wallet comes into play, and this is the first thing I will address in this article to give you some context. This device is a cryptocurrency wallet that securely stores the user's private keys, which are essential for authorizing outgoing transactions on the blockchain network.

Ledger is the company that stands out here: its main advantage is total isolation between the private keys and your everyday devices, such as PCs and cell phones, which can be easily hacked. Ledger develops hardware wallet technologies that incorporate the highest level of security for crypto assets, or at least that is the opinion of its users; so far I have not heard of a cold wallet better than Ledger.

With Ledger, you can securely manage all your cryptocurrencies. In addition, Ledger Live allows you to buy, exchange, grow and manage a large number of tokens and cryptocurrencies, and it is Ledger Live that we will talk about today.
 


 
https://files.peakd.com/file/peakd-hive/zonadigital21/AK9PEVqU6N9zsrhVXcVhaDZfERZC5ekrHbgDeJwtM88G4avDHrgwJdzw22rLGBW.jpg

Designed in Bing
 

The cunning scam.

The scam app had a very peculiar name (Ledger Live Web3). Most experts would see a warning sign in that name, but not everyone is an expert, and a simple oversight can cause a large amount of funds to be lost.

The app was disguised as the legitimate application (Ledger Live), which is designed to manage Ledger hardware wallets. Unsuspecting users were tricked into downloading this fake application, which led to the theft of their cryptocurrencies. Cryptocurrency theft is nothing new, it has always happened, but for it to happen through an app that claimed to be official Ledger software... this is another level of scam.

But here the interesting question is, how could a fake app make it to the Microsoft app store without being detected?
 
The stolen funds total exactly 16.82437378 BTC, which at the time of writing this article is worth $590,819: total insanity.


 

Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which has resulted in 16.8+ BTC ($588K) stolen

Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn

— ZachXBT (@zachxbt) November 5, 2023
The scam is uncovered.

The Twitter user ZachXBT, an analyst or detective, was the one who discovered this scam after some scammed users contacted him on Twitter. His ability to identify this scam is admirable, I must admit, because he posted on his Twitter account to alert Ledger users and prevent others from falling for the scam; this was on 4/11/2023.

I invite you to follow the link to his post so you can see everything he managed to uncover. He also published the wallet that received the funds of the people who fell into the trap (bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q). As we all know, the funds received by a wallet can be tracked, so join me in looking at some of the movements it has had since the theft of the Bitcoins occurred.


 
https://files.peakd.com/file/peakd-hive/zonadigital21/AK2C7n3ekiAjoBrJ9GYR8SHy2rTe42B5u1dfjaaLWWM2Jw3e8aivdh3xHpQkHmf.jpg
 
Designed in Bing

What happened to the stolen funds.

For this we will use the Blockchain.com site, which has a block explorer that lets us see each of the transactions of a specific wallet. It has other functions, but for now we will only use the block explorer.

At this moment the wallet used in the theft has no funds; it is logical that after all this the scammer moved the BTC to another address. The wallet had a total of 38 transactions before the scam was detected, and its last activity was a withdrawal to another wallet. The new wallet that received the BTC was (bc1qtntflhe6f58lenv8chwuw8w55wxudwsvv549ah).

From that wallet he sent the funds on again to another wallet, where they remain at the moment. You can see the whole process by following this direct link to the main wallet's activity.
 
https://files.peakd.com/file/peakd-hive/zonadigital21/23uQNnaLMaBLJW8Gmmj9GKY1NhXCsipL8DGvgDQ6GZohoZpaRgZenP4cpteGbNYdSoD1w.png

https://files.peakd.com/file/peakd-hive/zonadigital21/23tkfzhjDLpMJJgcRwSbaTvniC8AKmKqcNgnHiXnMchRo6YbrY9ib4tuSYGHvk4Q1wLLj.png

https://files.peakd.com/file/peakd-hive/zonadigital21/23swib48Mf67gmr87bGHkMSuUJkc5aLCEEU3LbWHTektNZ3AnaQhuzKwWpiazW76uJ99z.png
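The hop-by-hop tracing done above by hand in a block explorer can also be run over exported transaction records. The following is an added example, not part of the original article: the two addresses come from the post, while the transactions, individual amounts and `PLACEHOLDER` addresses are constructed, and following the largest output at each hop is a simple heuristic assumed here.

```python
# Constructed sample data in the simplified shape a block explorer shows:
# each transaction lists the (address, satoshis) pairs it spends and creates.
SCAM = "bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q"  # address from the post
HOP1 = "bc1qtntflhe6f58lenv8chwuw8w55wxudwsvv549ah"  # address from the post
HOP2 = "PLACEHOLDER-third-wallet"  # the post does not give this address

TXS = [  # constructed; only the total deposited (16.82437378 BTC) matches the post
    {"txid": "constructed-1", "inputs": [("PLACEHOLDER-victim-a", 1_000_010_000)],
     "outputs": [(SCAM, 1_000_000_000)]},
    {"txid": "constructed-2", "inputs": [("PLACEHOLDER-victim-b", 682_447_378)],
     "outputs": [(SCAM, 682_437_378)]},
    {"txid": "constructed-3",
     "inputs": [(SCAM, 1_000_000_000), (SCAM, 682_437_378)],
     "outputs": [(HOP1, 1_682_427_378)]},  # sweep; the difference is the fee
    {"txid": "constructed-4", "inputs": [(HOP1, 1_682_427_378)],
     "outputs": [(HOP2, 1_680_000_000), ("PLACEHOLDER-side-output", 2_417_378)]},
]

def received(address, txs):
    """Total satoshis ever paid to `address`."""
    return sum(v for tx in txs for a, v in tx["outputs"] if a == address)

def balance(address, txs):
    """Received minus spent; zero means the wallet has been emptied."""
    spent = sum(v for tx in txs for a, v in tx["inputs"] if a == address)
    return received(address, txs) - spent

def trace(start, txs, max_hops=10):
    """Follow the largest output of each spend until the funds stop moving."""
    path, seen = [start], {start}
    for _ in range(max_hops):
        current = path[-1]
        spends = [tx for tx in txs if any(a == current for a, _ in tx["inputs"])]
        # Candidate next hops: outputs of those spends, skipping visited addresses
        outs = [(v, a) for tx in spends for a, v in tx["outputs"] if a not in seen]
        if not outs:
            break  # nothing spent from `current`: the funds rest here
        nxt = max(outs)[1]  # heuristic: the bulk of the value is the onward hop
        seen.add(nxt)
        path.append(nxt)
    return path

if __name__ == "__main__":
    for hop in trace(SCAM, TXS):
        print(hop, balance(hop, TXS) / 1e8, "BTC")
```
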


 

Microsoft responsibility

This is undoubtedly one of the most interesting questions, because Microsoft allowed this fake app into its store; that is the first mistake in the whole story of the scam I'm talking about.

Even ZachXBT himself argued that Microsoft should take some responsibility for allowing the fake app to appear in its app store, and indeed there was a lack of the security checks that should have kept this app from being made available to everyone.
 

Ledger was not at fault.

This was not actually the fault of Ledger as a company; I see the responsibility lying more with Microsoft for having allowed this app to be used. Still, the Ledger team posted that users had to be more cautious and indicated that the only safe place to download their app is from their website.
 


 

https://files.peakd.com/file/peakd-hive/zonadigital21/48SpynTdBXVSBgcsxU81thAzWTDkA19s4znVWKrNWWLWbntmYCHZ68mmze9t3sMt8q.jpg
 

Designed in Canva
 
It is time to take action: let's take charge of our own security. Do not trust apps or web pages so easily, and always look for reliable and only OFFICIAL sources for the projects we follow.

That's what you have to keep in mind right now. Here I end my article, and I leave the comments open for you to give me your personal opinion on this subject. Greetings to all, and I hope you have a happy day.
 


 

https://files.peakd.com/file/peakd-hive/zonadigital21/23tbkfjPfBtzK9natT6BwVRUDz3rt2raeXYDtNums8G1JW8ZiwogasGFf2BUczLY47Exk.png
 
Follow me on Twitter.

The character used to edit the cover of this article was created with the Bing tool.

English is not my native language, so I have used Hive Translator.
 

Posted Using InLeo Alpha
