A counterfeit Ledger application for macOS on the App Store stole $9.5 million from users from 07.04 to 13.04, according to ZachXBT.

Incident overview

The malicious app appeared in the App Store and was downloaded by multiple users, enabling attackers to access affected wallets and transfer funds out.

Modus operandi

After installation the fake application obtained access to user wallets and facilitated private key or seed capture, which allowed immediate withdrawals to attacker-controlled addresses.

Scale and losses

According to on-chain detective ZachXBT, more than 50 people lost funds, with the largest single loss reaching $4 million.

Response

The counterfeit application has been removed from the App Store; platform and security teams are reportedly investigating remaining traces and vectors for distribution.

Advice for users

Users are advised to verify official wallet sources, avoid installing unverified macOS applications, and move assets from compromised addresses to secure wallets immediately.