Fake Ledger App: Garrett Dutton, also known by the stage name G. Love (of “Walk on the Ocean” fame), revealed through an X post that he suffered crypto fraud. His entire Bitcoin retirement fund, of 5.9 BTC (approximately $420,000 at the time), has been drained through a fake Ledger app on Apple’s App Store. Dutton stated he spent nearly a decade accumulating the coins, only to see them vanish “in an instant” after downloading the malicious software on his new MacBook Neo.
How the Scam Worked
The fraudulent application posed as Ledger Live, the official management software for Ledger hardware wallets. After completing its installation, the fake Ledger app misled G.Love into entering his 24-word “seed phrase” a.k.a. the master key to his entire Bitcoin. Once the seed was captured, the attacker drained the wallet immediately.
Dutton admitted his own fault: “I’ve been in the crypto circus since 2017. Today they caught me off guard. It was my own damn fault for not being more diligent, but let it serve as a warning. There are so many scams.”
According to onchain investigator ZachXBT, the stolen BTC was sent to deposit addresses belonging to KuCoin in nine separate transactions. KuCoin’s response was to issue a standard customer service email confirming the receipt of the user’s request; KuCoin has yet to make any public statements regarding whether it will actually freeze these funds.
Implications
This is not an outlier case; in 2023, a fake Ledger app bypassed Microsoft’s app store review process and ended up stealing almost USD 600,000 before Microsoft acknowledged that the app had gotten through. Authorities indicated that U.S. citizens have lost in excess of USD 11 billion to crypto crimes just in 2025, a 1.2% increase from 2024.
Phishing attempts directed at hardware wallets have also been escalating. Scammers have sent official-looking letters on forged letterhead to all Trezor and Ledger users, and have demanded the completion of “mandatory authentication checks,” tricking victims into scanning QR codes that lead to malicious seed phrase harvesting sites.
