The scam was reported by blockchain security analyst ZachXBT on Sunday hence resulting in Microsoft removing the fake Ledger Live application to avoid further damage.
Amid the mainstream adoption of the cryptocurrency market around the world, scams directed at both novice traders and veteran investors have evolved into sophisticated methods. In the past two weeks, an old-time scam orchestrated through phishing attempts happened on the Microsoft Corporation (NASDAQ: MSFT) store, thus robbing investors about 16.8 Bitcoin worth approximately $588K. Notably, the scammer developed a web3 application that resembles Ledger Live, a crypto wallet built by a Paris-based company, but instead had backdoor access that allowed direct siphoning of users’ Bitcoins.
According to details on the fake Ledger Live application, before it was removed by Microsoft over the weekend, the attacker had targeted PC users and awarded a 4.5 score based on 16 ratings. The developer used almost similar graphics to the original Ledger Live and assured customers of ultimate security through the hardware support.
“Once bought, your crypto will immediately be sent to the safety wallet of your hardware wallet,” one of the ratings with a five star noted.
The fake Ledger Live application supported NFTs, hence luring all types of crypto customers. Notably, the fake Leger Live app was published on Microsoft’s store on October 20, and allowed users to install it on up to ten devices, thus widening the scammer’s reach. Although the Microsoft team has already removed the fake Ledger Live app from users’ access, experts believe the Redmond-based tech behemoth should be held responsible for the lost funds.
Moreover, the tech company should have kept in place proper vetting mechanisms to ensure application developers are held to the highest standards.
They should be held liable
— ZachXBT (@zachxbt) November 5, 2023
Ledger and Crypto Scam
Cryptocurrency scams happening through the Ledger network are not new as the company deals with high-net-worth investors. As a precautionary measure, Ledger has advised its customers not to interact with links or websites associated with NFTs, which are designed to trick and steal funds. Moreover, anyone can create their tokens on different blockchains and mimic different crypto projects. As for the Microsoft store, Ledger has been targeted in the past and advised customers to only download their products on the official Ledger website.
🚨 Hey #ledger users
Beware of fake Ledger Live apps published on the Microsoft Store👀
The only safe place to download Ledger Live is on our website👇https://t.co/cDLX1rEWPf
Ledger will NEVER ask you for your 24-word recovery phrase ❌
Stay safe 🙏 pic.twitter.com/0dXTJ7FeuO
— Ledger Support (@Ledger_Support) December 26, 2022
On the recent scam that resulted in notable losses, Ledger has not commented on the matter nor has Microsoft given an official statement. As a result, it is up to the crypto investors to counter-check any web3 link to avoid losses that may never be recovered. Furthermore, the cryptocurrency market has grown very complex and the attackers are using more sophisticated tools to launder stolen funds.