G. Love Loses $424K in Bitcoin to Fake Ledger App
Musician Garrett Dutton (G. Love) lost 5.92 BTC, about $424,000, after entering his 24-word Ledger seed phrase into a fake Ledger Live app from Apple’s Mac App Store.
Garrett Dutton, known professionally as G. Love, posted that he lost 5.92 bitcoin — roughly $424,000 — after entering his 24-word Ledger seed phrase into a counterfeit Ledger Live app downloaded from Apple’s Mac App Store while setting up a new computer. The app prompted him to enter the seed phrase and the funds were withdrawn soon after. He confirmed the theft affected only his bitcoin holdings and posted: “All my BTC gone in an instant.”
On-chain investigator ZachXBT traced the stolen coins and reported they were moved through addresses tied to the KuCoin exchange. ZachXBT wrote that KuCoin has an ongoing problem with illicit services using broker or personal accounts and noted the exchange’s many deposit addresses make instant cash-out likely. He expressed uncertainty about the chances of recovering the funds.
Ledger, the hardware wallet maker, warns that Ledger Live is distributed only from Ledger.com and is not available on consumer app stores. The company says any Ledger app found on an app store should be treated as fake.
Security professionals advise that hardware wallet seed phrases must never be entered on devices connected to the internet. Beau, head of security at the NFT project Pudgy Penguins, posted: “You will NEVER need to enter your hardware wallet seedphrase on an internet-connected device (laptop, phone, smart fridge, etc.). If you’re restoring a wallet, always do so by entering your seed phrase on a hardware wallet device directly.”
Fake crypto apps are distributed through phishing emails, fraudulent advertisements and postal mail, according to security practitioners. After a victim enters a seed phrase into counterfeit software, attackers can take control of the linked addresses and move funds through exchanges and mixers.
Ledger engineers, including Head of Product Kio Matias and engineer Philip Barald, have highlighted software-layer risks from AI coding agents and third-party tooling. Researchers have identified third-party AI routers that can inject malicious tool calls and exfiltrate credentials; leaked API credentials have been used to run large volumes of model queries and automated services.
Investigators continue to monitor the stolen bitcoin as it moves through exchange addresses.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
Articles by this author
