Key Takeaways:
Musician G. Love lost 5.92 BTC to a fake Ledger app on the Apple Mac App Store on April 11, 2026. The stolen stash at press time is worth $424,175. Onchain investigator ZachXBT confirmed the stolen funds were reportedly laundered through Kucoin deposit addresses. Ledger warns users to download software only from ledger.com, never app stores, to prevent seed phrase theft. G. Love Bitcoin HackPublic reaction on X was divided. Many users expressed sympathy. Others raised questions about the plausibility of the story, noting that Ledger hardware wallets require physical confirmation on the device itself. Some pointed to the public donation address as a red flag. Dutton clarified he was socially engineered into entering the seed phrase voluntarily, which is the attack vector the scam was designed to exploit.
The mechanics of this attack are straightforward. A user searches an app store, finds a convincing listing, installs it, and enters their seed phrase when the app requests it. At that point, the attacker has full, permanent access to every wallet derived from that phrase. The hardware wallet itself provides no protection once the seed is exposed.
Self-custody requires that the seed phrase never leave the physical Ledger device. It should only be entered directly on the device during initial setup. Typing it into any app, website, or computer compromises the entire wallet.
No legal action has been announced.
