Crypto hackers have been in the news again. This time, they useda cleverly orchestrated ruse to grab bitcoins from users of the Microsoft App Store. In fact, they launched a fake Ledger Live app. A half a million dollars in BTC has disappeared !
38 successful bitcoin transactions by the hacker
Two months ago, we reported a series of attacks against MetaMask cryptocurrency wallet users. To achieve their goals, the hackers had to use official government sites (India, Egypt, Nigeria, Colombia, etc.) to redirect users to fake MetaMask sites.
“ According to ZachXBT, a fake Ledger Live app appeared in the Microsoft App Store, leading to the theft of 16.8+BTC ($588k). Security companies often warn about the existence of fake wallet apps and theft of industry channels. Scammer’s address: bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q »
Translation of tweet from ZachXBT :
“ Community Alert: There is currently a fake Ledger Live on the official Microsoft App Store website that enabled the theft of 16.8+BTC ($588K). »
In one of his recent publications, Cointelegraph highlighted the results of this latest bitcoin hack. Its statistics demonstrate in particular:
- 16.8 BTC, or $588,000, was siphoned off by Bitcoin hackers;
- the hack, which took place this Sunday, November 5consisted of 38 transactions;
- the largest transfer was $81,200;
- the crypto hacker used a fake Ledger Live application deployed on the Microsoft App Store to carry out his attack;
- etc.
Modus operandi of the bitcoin hacker: in fact, he deployed the application of “Ledger Live Web3” on the Microsoft App Store to make it appear that they are downloading the real “Ledger Live”. This program should allow users to access an interface for Ledger hardware wallets. There, they can store their cryptocurrencies (BTC, ETH, ADA, etc.) offline, that is to say outside of centralized crypto exchanges (CEX) like Binance or Coinbase.
After seizing his bitcoin jackpot, from October 24 and November 2, the hacker made two transfers valued at $115,200. At the moment, he holds around 13.5 BTC in his crypto wallet.
Whose fault is it ?
Cointelegraph, through investigations, discovered that the “Ledger Live Web3” was already available on the Microsoft app store from October 19. However, victims only started reporting ZachXBT on November 4.
Who is the culprit? Some believe that Microsoft « should be held responsible », knowing that the American technology giant has authorized the posting of a fraudulent application in its store. Moreover, its App Store continues to host fake “Ledger Live” applications.
Be careful, self-custody can be beneficial for bitcoin hodlers. But hackers continue to sharpen their spear: some of them manage to hack a hardware wallet.
Receive a summary of the news in the world of cryptocurrencies by subscribing to our new service daily and weekly so you don’t miss anything of the Tremplin.io essentials!
