Fake Ledger App on Apple’s App Store Drains Musician’s 5.9 BTC Retirement Fund

• A fake Ledger app listed on Apple’s App Store allegedly drained 5.9 BTC from musician Garrett Dutton after he entered his seed phrase.
• Onchain investigator ZachXBT said the stolen bitcoin was laundered through KuCoin deposit addresses in nine transactions.

A fake Ledger app on Apple’s App Store has allegedly cost American musician Garrett Dutton his 5.9 BTC, a loss he says wiped out his retirement fund in a matter of moments.

Dutton, best known as the frontman of hip-hop blues band G. Love & Special Sauce, said in a Saturday post on X that he had downloaded what appeared to be a Ledger app onto a new computer. After entering his seed phrase, the Bitcoin was gone. “All my BTC gone in an instant,” he wrote, adding that his other cryptocurrency holdings were not affected.

A familiar scam with a costly twist

The mechanics of the incident are painfully familiar to anyone who has watched wallet scams evolve over the past few years. The fake app did not need to break Ledger’s hardware security. It only needed the victim to hand over the one thing no legitimate wallet provider should ever ask for in that context: the seed phrase.

That remains the ugly pattern in many of these cases. The attack is not especially sophisticated at the technical level. It is effective because it imitates trust well enough to make a user act against basic wallet security rules, usually in a rushed or unfamiliar setup process.

What makes this case stand out is the channel. The app was reportedly available through Apple’s App Store, which gives the scam a layer of credibility many users would naturally rely on.

Stolen bitcoin was reportedly moved through KuCoin

Onchain sleuth ZachXBT said the attacker laundered the stolen 5.9 BTC through KuCoin deposit addresses across nine transactions. That suggests the funds were moved quickly into exchange-linked routes, a common tactic when attackers want to break the trail or cash out in stages.

Ledger users have long been a favorite target for scammers. Previous attacks have ranged from phishing emails to physical letters mailed to customers requesting recovery phrases. The technique changes, but the essential goal does not.