Malicious actors managed to siphon off approximately $9.5 million in cryptocurrency from users after tricking them into downloading a counterfeit Ledger Live application via the macOS App Store. This scam, active between April 8 and April 11, targeted Mac owners who mistakenly trusted the app published under the name "Leva Heal," which bore no relation to the legitimate Ledger SAS.

Fifty affected macOS users reportedly surrendered their recovery phrases, allowing thieves to drain their assets in Bitcoin, Ethereum, and other digital currencies. Three individuals alone lost over a million dollars each before Apple finally purged the fraudulent software. Blockchain investigators tracked the stolen funds as they were laundered through over 150 addresses on the KuCoin exchange.

Ledger’s CTO, Charles Guillemet, issued a direct warning: the official application will never request the 24-word seed phrase. True security hinges on keeping private keys secured on dedicated hardware devices and avoiding inputting recovery information into any software or website.

The successful heist demonstrates the persistent danger of sophisticated phishing within the crypto ecosystem, even when utilizing official distribution channels like Apple’s marketplace. Users are advised to secure their assets by only downloading Ledger Wallet from the official Ledger SAS website.