Musician G. Love lost 5.92 BTC to a fake Ledger app on the Apple Mac App Store. ZachXBT traced the stolen funds to KuCoin deposit addresses.
Garrett Dutton, known professionally as G. Love, lost nearly six Bitcoin in seconds after a fake Ledger app slipped through the Apple Mac App Store. The app looked legitimate. It was not.
Writing on X, G. Love said he was migrating his Ledger hardware wallet to a new computer when he downloaded what appeared to be the official app. The BTC was gone instantly. He described the loss as his retirement fund, built over ten years of holding.
“I had a really tough day today. I lost my retirement fund in a hack/Scam when I switched my @Ledger over to my new computer and by accident downloaded a malicious ledger app from the @Apple store,” he posted. “All my BTC is gone in an instant.”
Apple Approved the Scam
The fake app passed Apple’s review process. That part still has not been explained.Love posted the transaction hash on X so others could verify the theft on-chain. The TX hash — 8753c7d24a28f677089aefb09628eb9b191e843ae965f55ca8ae87540561feaf — confirmed the drain. He said 5.9 BTC was all he had. “I worked on this fuuuuuck be careful out there,” he wrote.
In a separate post, he shared his BTC address, asking the community if anyone wanted to help him recover. “This is either pathetic or funny, and I feel both ways,” he wrote.
ZachXBT Traced Every Satoshi
Blockchain investigator ZachXBT stepped in. He traced all 5.92 BTC through nine separate transactions, all running through KuCoin deposit addresses.
“Hi I traced out your 5.92 BTC stolen, and it was all laundered via @kucoincom deposit addresses,” ZachXBT wrote on X. He posted all nine transaction hashes. The money moved fast. By the time anyone noticed, it was already split across multiple addresses and processed through the exchange.
Ledger’s own support documentation warns that this kind of attack has been running for some time. According to Ledger’s official fraud warning page, malicious actors build convincing replicas of Ledger Wallet and push users into entering their 24-word Secret Recovery Phrase. That phrase, once typed anywhere outside the physical Ledger device, hands complete wallet access to the attacker.
Ledger’s guidance is direct: the recovery phrase should never be entered on any computer, mobile app, or online platform. Restoration only happens on the hardware device itself during setup.
The App Store Problem Nobody Fixed
This is not the first time a fake crypto app made it through Apple’s review process. Ledger’s documentation specifically flags fake Chrome applications as a known attack vector, noting official downloads should come only from the Ledger website directly.
The Mac App Store was supposed to be different. Vetting was supposed to catch this. It did not. Love’s case is more than a personal loss. The amount, 5.92 BTC, was worth roughly $420,000 at the time of the theft. A decade of accumulation, drained in seconds by an app a major platform approved.
ZachXBT’s trace puts the stolen funds at KuCoin. Whether any recovery follows remains unclear.
