Based on the analysis conducted by ZachXBT, an individual specializing in on-chain investigations, it has been observed that about $800,000 worth of cryptocurrency assets have been illicitly acquired from individuals who inadvertently installed a counterfeit version of the Ledger Live program from Microsoft's app store.
According to a report, users of Ledger Live experienced a loss of $600,000 in Bitcoin.
In a post dated November 5 on the X (previously Twitter) platform, ZachXBT expressed concern on the deceptive nature of a program called "Ledger Live Web3." This application misleads users by presenting itself as the authentic "Ledger Live" software throughout the installation process. The initial iteration of Ledger Live is a software application designed to provide a graphical interface for users with hardware wallets, enabling them to securely store their cryptocurrency holdings in an offline environment.
Based on the available on-chain data, it has been seen that the exploiter has obtained a total of about 16,800 BTC, equivalent to a value of over $588,000. This amount has been acquired through a series of 38 distinct transactions, all of which have been conducted using the wallet address "bc1q...y64q". On October 24, 2023, an initial sum of cash, amounting to an approximate total of $87,600, was transmitted to the address of the individual perpetrating the fraudulent activity.
At present, a total of $115,760 has been sent from the scammer's wallet address, encompassing two separate transactions. In the meanwhile, the present balance of the specified address remains at a value above 13.5 BTC, equivalent to about $476,012.
In a subsequent publication on X, ZachXBT disclosed that the fraudulent individual employed an Ethereum/Binance Smart Chain (BSC) address to receive monetary transactions originating from the counterfeit Ledger application. According to the provided update, the individual responsible for the exploitation has managed to amass a sum of about $180,000 through the utilization of this specific address. Consequently, this accumulation has contributed to their whole loot, which now stands at $768,000.
The investigator doing on-chain analysis also observed that Microsoft may have potentially eliminated the counterfeit Ledger Live application from their application store. In the present moment, access to the dedicated page for the counterfeit application on Microsoft's official website has been discontinued.
It is noteworthy to mention that instances of counterfeit Ledger Live applications infiltrating Microsoft's app store have occurred previously. The support account of Ledger on platform X has issued cautionary notices to its customers on two distinct occasions within a one-year timeframe, regarding the presence of a counterfeit application.
The month of October witnessed a significant decrease in fraudulent activities within the cryptocurrency sector.
During the month of October, the cryptocurrency industry had a notable decline in incidents of theft, reaching its lowest level in the year 2023. Based on the research conducted by CertiK, it has been determined that a cumulative sum of 38 occurrences, encompassing instances of hacking, exploitation, and fraudulent activities, resulted in financial losses of $32.2 million.
When examining the cumulative amount of $1.4 billion over a period of 10 months, it is evident that the losses sustained in October are relatively less, constituting around 25% of the average monthly losses. Although the decrease in security events is a favorable advancement, it is important to note that users should be vigilant regarding the presence of security concerns, even in seemingly unlikely locations, as exemplified by the Ledger instance.
