Fifty people downloaded what looked like a legitimate app from the Apple App Store last week. By the time Apple removed it six days later, $9.5 million in cryptocurrency was gone.
This is not a story about crypto. It is a story about trusting the wrong thing because it came from the right place.
What Happened
Between April 7 and April 13, 2026, a fake version of Ledger Live, a popular cryptocurrency wallet management app, was listed on the Apple App Store under the developer name “Leva Heal Limited.” It looked legitimate. It had a version history, branding that matched the real app, and fake positive reviews (the attackers bumped it from version 1.0 to 5.0 in just two weeks to make it look established).
When users downloaded it and entered their seed phrases, which are the master passwords that unlock a crypto wallet, attackers had immediate and total access to their funds across Bitcoin, Ethereum, Solana, Tron, and Ripple.
According to BleepingComputer and blockchain investigator ZachXBT, three individual victims lost seven-figure sums in a four-day window. One person lost $3.23 million in a single transaction. Another lost their entire decade of Bitcoin savings in one afternoon.
Apple has since removed the app…but the money is gone.
The Part That Should Make Every Business Owner Uncomfortable
The App Store is supposed to be safe. Apple reviews every app before it goes live, and that review process is a core part of what makes the platform feel trustworthy.
And yet a fraudulent app with a fake developer name, fake reviews, and a fabricated version history sat in the App Store for six days and drained $9.5 million before anyone stopped it.
The real Ledger Live app, for context, is not even distributed through the App Store. It is only available through Ledger’s official website. Anyone who downloaded the app from Apple’s store was downloading something that should not have existed in the first place.
This matters for businesses because the same false sense of security extends to every app store, every software marketplace, and every tool your employees download because it looked official. A badge from Apple, Google, or Microsoft is not a guarantee. It means the app passed a review process, and this one passed too, for six days.
What This Means for Your Business
Your employees are downloading apps and tools constantly, on company devices, personal devices enrolled in your MDM, and everything in between. Most of them are not thinking about whether the developer name matches the official publisher (and honestly, why would they).
Here is what to have in place:
- An approved software list. If a tool is not on the list, it does not get installed without IT review. This applies to mobile apps too, not just desktop software.
- Mobile Device Management policies that control app installs. If employee devices are enrolled in your MDM, you can restrict installations to approved apps only. This is exactly the kind of attack that policy prevents.
- Employee awareness around seed phrases and master credentials. No legitimate app, ever, will ask you to enter your recovery phrase, master password, or private keys into a form. If something asks for that, it is a scam, regardless of where it came from.
- A verification habit for financial and security tools. Before downloading any app that touches money or credentials, verify the developer name against the official website. In this case, the real Ledger Live app is only distributed through ledger.com, not the App Store at all. A thirty second check would have caught it.
A Wake-Up Call
No app store is a safety guarantee. They are better than downloading random software from the internet, but as this week proved, not foolproof.
Six days, fifty victims, $9.5 million drained…and Apple had not caught it yet.
The businesses that do not get hit are the ones with policies in place before the fake app shows up in the search results. If you are not sure what those policies look like for your team, that is exactly where we start.
→ Schedule Your Free Security Assessment with Rob
→ Learn More About Our Managed Security Services
Published: Apr 16, 2026
Need IT Support for Your Florida Business?
GiaSpace provides proactive managed IT services, cybersecurity, and local tech support across Florida — with teams in Gainesville, Fort Lauderdale, Jacksonville, and Ocala.
Managed IT Services FloridaCybersecurity Services FLGainesville IT ServicesFort Lauderdale IT Services
