A counterfeit version of the Ledger Live app managed to infiltrate the Microsoft app store, resulting in the theft of $588,000.
A total of $588,000 was illicitly taken through 38 separate transactions, with the largest single transfer amounting to $81,200.
investograph 
A counterfeit version of the Ledger Live app on Microsoft's app store has resulted in the theft of nearly $600,000 worth of Bitcoin (BTC), with the cryptocurrency's value currently at $34,978 per BTC. This deceptive app, named "Ledger Live Web3," was identified by cryptocurrency investigator ZachXBT on November 5. It masquerades as the legitimate "Ledger Live" application, designed for managing Ledger hardware wallets used to securely store cryptocurrency offline.
Approximately 16.8 BTC, equivalent to $588,000, was acquired by the scammer through 38 separate transactions, using the wallet address "bc1q....y64q." Out of these funds, $115,200 was transferred out by the scammer across two transactions, leaving a balance of $473,800 or 13.5 BTC.
ZachXBT mentioned in a subsequent post that Microsoft might have removed the counterfeit Ledger Live app from its platform. The initial payment sent to the scammer's wallet address was made on October 24, amounting to $5,210. Prior to that, the wallet had remained inactive. Most of these transactions have occurred since November 2, with the largest transfer amounting to $81,200 on November 4.
An investigation discovered that the fake "Ledger Live Web3" application had been available on Microsoft's app store as early as October 19.
The fake “Ledger Live Web3” app on Microsoft Apps. Source: Microsoft
ZachXBT disclosed that he received messages from victims on November 4, and even suggested that Microsoft should bear responsibility for permitting the fraudulent Ledger Live app to appear in its app store.
This incident isn't the first time that a counterfeit Ledger Live app has found its way onto Microsoft's app store. Ledger's support account, now on X (formerly Twitter), had previously alerted users to a fake Ledger Live app in December and March.
Ledger itself has not commented on the scam but has consistently advised users that the "only safe place" to download Ledger Live is from its official website, ledger.com.
A request for comment was sent to Microsoft, but an immediate reply was not received.
