A fake Ledger app from the App Store stole a famous musician's retirement savings
Garrett Dutton, a well-known American musician who performs under the stage name G. Love, fell victim to a sophisticated cyberattack.
After installing malware that mimicked the official Ledger Live app, the artist instantly lost 5.9 Bitcoin, which he had been saving for ten years to fund his retirement.
The incident occurred after Dutton purchased a new Apple MacBook Neo and downloaded an app from the official App Store that turned out to be a fake.
The musician made a fatal mistake—he entered his secret seed phrase (24 words) directly into the app, after which the attackers gained full control over his assets.
“I had a really rough day. They caught me off guard today. It was my own damn fault—I should have been more careful. But let this be a warning. There’s so much fraud out there,” Dutton wrote to his followers on social media platform X.
According to crypto investigator ZachXBT, the musician’s funds were withdrawn in nine transactions to various deposit addresses.
The investigation revealed that the scale of the scam is much larger. A fake app from the publisher Lema Heal Limited (or Leva Heal Limited) was available in the Apple App Store from April 7 to 13, 2026.
During this short period, more than 50 people fell victim to the scammers, and total losses across various cryptocurrency networks are estimated at $9.5 million. Some victims lost amounts ranging from $2 million to $4 million.
Ledger’s CTO, Charles Guillemet, emphasized that the official manufacturer of hardware wallets never asks users to enter their seed phrase within a software environment.
“If someone or some app asks you to enter your 24 words—assume something is wrong. You cannot trust the software environment around you—neither the browser, nor the app store, nor the computer,” Guillemet warned.
The situation is exacerbated by overall cybercrime statistics. According to the FBI, Americans lost over $11 billion to crypto scams in 2025.
A separate risk factor was the recent data breach at payment provider Global-e, which partners with Ledger; this breach could have made it easier for attackers to carry out phishing attacks on the company’s customers.
As a reminder, in Sumy, scammers stole nearly ₴5 million from a medical facility by carrying out a cyberattack.
Fraudsters are also sending out fake emails from a legitimate Microsoft address.