Hackers Exploit Fake Ledger App to Steal Crypto

Hackers have exploited a fake Ledger Live application to steal cryptocurrency from users, with the malware impacting macOS users, as reported by cybersecurity firm Moonlock as of May 2025.

This incident underscores the persistent risk of phishing attacks within the cryptocurrency sector, with affected users facing significant crypto losses.

Hackers utilized the fake Ledger Live app to deceive users into submitting their seed phrases, granting full access to their crypto wallets. As confirmed by Moonlock, at least 2,800 websites were compromised in the attack.

Officials from Ledger, including CEO Pascal Gauthier, have not yet commented on this specific attack. The malware reportedly uses the Atomic macOS Stealer, though no institutional funds are reportedly affected.

“Our recent analysis identified the Atomic macOS Stealer deployed on over 2,800 compromised websites, highlighting the scale of this operation.” — Malware Researchers at Moonlock

Victims reported the theft of Bitcoin (BTC), Ethereum (ETH), and ERC-20 tokens, reflecting the severity of this breach. The community expresses increased concerns over such widespread phishing attacks and the effectiveness of current security protocols.

Financial implications are substantial as individual users suffer dispersed losses. Experts advise never entering seed phrases into prompts from unofficial apps, stressing the importance of authenticating software sources.

Potential outcomes may entail heightened security measures among crypto wallet providers, emphasizing educational campaigns against phishing. Economic impacts of such incidents parallel previous breaches involving Ledger products, urging vigilance against impersonation attempts.