Approximately $600,000 worth of Bitcoin (BTC) has been stolen from users who downloaded a fake Ledger Live application on Microsoft’s app store, according to cryptocurrency sleuth ZachXBT.
The scam, called “Ledger Live Web3,” was spotted by ZachXBT on November 5. It tricks users into thinking they are downloading “Ledger Live,” a user interface for Ledger hardware wallets used to store cryptocurrency offline.
The scammer has received about 16.8 BTC, equivalent to $588,000, across 38 transactions using the wallet address “bc1q….y64q,” as reported by Blockchain.com. The scammer’s wallet has seen about $115,200 leave across two transactions, resulting in a remaining balance of $473,800 or 13.5 BTC.
In a follow-up post, ZachXBT mentioned that Microsoft may have removed the fake Ledger Live app from its platform.
The first transaction sent to the scammer’s wallet address occurred on October 24, totaling $5,210. Prior to that, the wallet had not been used. Most of the transactions took place since November 2, with the largest transfer being $81,200 on November 4.
Cointelegraph discovered that the fake “Ledger Live Web3” application had appeared on Microsoft’s app store as early as October 19.
ZachXBT reported receiving two messages from victims on November 4 and argued that Microsoft should be held accountable for allowing the fake Ledger Live app to appear in its app store.
This is not the first time a fake Ledger Live app has made its way into Microsoft’s app store. Ledger’s support account previously informed users about a fake Ledger Live app in December and March.
Ledger has not commented on the scam but has emphasized to users that the “only safe place” to download Ledger Live is from its official website, ledger.com.
Cointelegraph reached out to Microsoft for comment but did not receive an immediate response.