Apple Purges Fraudulent Ledger App After $9.5 Million Crypto Theft

Apple has confirmed the removal of a fraudulent application that mimicked the Ledger self-custody crypto wallet, following reports that the app was used to steal millions from unsuspecting users. The developer, identified as "SAS Software Company," has been permanently banned from the App Store. The scam utilized a "bait-and-switch" technique, where an app is initially approved through legitimate means before being updated with malicious content to trick users into revealing their seed phrases. This method allows attackers to bypass initial security screenings before deploying phishing tools. On-chain analysis revealed that over 50 victims lost a combined $9.5 million between April 7 and April 13. The losses were heavily concentrated among a few individuals, including one user who lost $3.23 million in USDT, another who lost $2 million in USDC, and a third who lost $1.95 million in a mix of Bitcoin, Ether, and staked Ether. High-profile victims included musician G. Love, who reported a loss of $420,000 in Bitcoin. Apple noted that it continues to combat these tactics aggressively. In 2024, the company reported removing or rejecting over 17,000 apps for bait-and-switch violations. Additionally, Apple blocked 37,000 potentially fraudulent apps and rejected 320,000 submissions flagged as spam or misleading. While the financial loss is significant for the affected individuals, the incident underscores the ongoing security risks associated with third-party app stores and the critical importance of seed phrase security in the self-custody ecosystem.