Fake Ledger app appears in Apple Store, musician's 5.9 Bitcoins retirement savings stolen


American musician G. Love (real name Garrett Dutton) disclosed on April 11 that after downloading a counterfeit Ledger Live application from the Apple Mac App Store and entering a 24-word recovery phrase when prompted, he immediately lost 5.92 bitcoins, which amounts to more than $424,000 based on the market rate.

What Happened: A Fatal Mistake When Migrating Devices

G. Love said the incident occurred while he was migrating his Ledger hardware wallet to a brand-new Apple computer. After searching for “Ledger Live” in the Mac App Store, he downloaded a counterfeit app whose interface and appearance closely mimicked the real one, and entered the complete 24-word recovery phrase as prompted. Once he submitted the recovery phrase, the attacker completed the asset transfer instantly, and 5.92 bitcoins disappeared within minutes.

In the post, G. Love said, “This is my retirement savings I’ve worked hard to build up over the past decade. If you’re going out, you have to be careful.”

The core problem in this case is that the counterfeit application successfully passed the Apple App Store’s review and was presented to users in official channels under a legitimate-sounding name, making the Apple platform’s trust endorsement the biggest lever the scammers exploited.

ZachXBT Investigation: The Funds’ Destination Appears to Be a CEX, and the Chance of Recovery Is Very Low

ZachXBT’s on-chain analysis confirmed that the stolen 5.92 bitcoins flowed through a wallet identified as a CEX deposit address, and it noted that a large number of distributed deposit addresses suggests the thieves may have made a second round of fund transfers via an instant exchange, further increasing the difficulty of tracing.

ZachXBT explicitly criticized the CEX for “only showing compliance when it aligns with its own interests,” and pointed out that after the exchange obtained an EU MiCA license in November 2025, it was revoked just about three months later in February 2026—showing it has deeper compliance issues. He also noted that illicit services are still transferring funds through brokers and personal accounts on that CEX platform, while regulators have taken virtually no action to date.

Security Experts’ Warning: The Core Rules for Protecting Your Recovery Phrase

After the incident was revealed, Pudgy Penguins’ security lead Beau issued an urgent warning, emphasizing that all hardware wallet users should follow these security principles:

Key Rules for Recovery Phrase Protection

Never enter a recovery phrase on a connected device: Whether it’s a laptop or a phone, a connected environment should not be used to enter a recovery phrase

Download or update requests default to “suspicious”: Until you verify it yourself, any message urging users to download or update wallet software should be treated as a scam

Scam channels are diverse: Counterfeit wallet apps spread via email, fake ads, and physical mail; official app stores are also not absolutely safe

Go directly to official sources: To install Ledger Live, go directly to the official website (ledger.com) rather than searching in the App Store

Frequently Asked Questions

Why did a counterfeit Ledger app appear in the Apple App Store?

The counterfeit app exploited weaknesses in the app store’s review process, passing publication review with a highly similar name and interface. Ordinary users can’t reliably tell the real app from the fake based on the store page alone. When installing Ledger Live, it’s recommended to download it directly from the official Ledger website (ledger.com), bypassing the app store search step completely.

Why does entering a recovery phrase lead to bitcoins being stolen immediately?

A recovery phrase is a complete backup key that fully restores a hardware wallet. Anyone who has the 24-word recovery phrase can rebuild the wallet on any device and control all assets. The core purpose of the counterfeit app is to lure users into entering the recovery phrase; once the back-end server receives it, the asset transfer is executed immediately, and the entire process is completed within minutes.
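Why the phrase alone is enough, shown as an added example that is not part of the original article: under BIP-39 and BIP-32, the standards Ledger wallets follow, the master key is computed from the words and nothing else. The sample phrase is the public 12-word BIP-39 test phrase (a 24-word phrase goes through the same derivation), and the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the public 12-word BIP-39 test phrase, not a real wallet.
SAMPLE_PHRASE = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(phrase: str, passphrase: str = "") -> bytes:
    """Recovery phrase -> 64-byte wallet seed, as specified by BIP-39."""
    # Collapsing stray whitespace is a choice made for this example.
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    # The only inputs are the words and an optional passphrase: no device ID,
    # no hardware secret, no server-side check.
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """Seed -> (master private key, chain code), as specified by BIP-32."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore_wallet(phrase: str, passphrase: str = "") -> str:
    """Hex of the master private key that any software derives from the phrase."""
    key, _chain_code = bip32_master(bip39_seed(phrase, passphrase))
    return key.hex()


if __name__ == "__main__":
    on_hardware_wallet = restore_wallet(SAMPLE_PHRASE)
    # Same words typed into different software on a different machine.
    on_other_machine = restore_wallet("  " + SAMPLE_PHRASE.replace(" ", "  "))
    print("same master key:", on_hardware_wallet == on_other_machine)
    print("passphrase changes it:",
          restore_wallet(SAMPLE_PHRASE, "x") != on_hardware_wallet)
```

Because the derivation is a pure function of the words, the hardware device adds no protection once the phrase has been typed into other software.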

Is it possible to recover the stolen bitcoins?

According to ZachXBT’s on-chain analysis, the funds have flowed to deposit addresses suspected to belong to a CEX and may have undergone a second transfer via an instant exchange. ZachXBT stated clearly that he does not believe a CEX would assist in recovering funds. Combined with recent compliance disputes stemming from the exchange’s MiCA license being revoked, the real likelihood of asset recovery is extremely low.
