Key Highlights
- Philadelphia musician Garrett “G. Love” Dutton lost his entire 5.92 BTC retirement fund after downloading a fake Ledger Live app from Apple’s Mac App Store.
- On-chain investigator ZachXBT traced the stolen funds across nine transactions to KuCoin deposit addresses.
- ZachXBT also accused Apple of blocking urlscan.io from analyzing the fraudulent App Store listing.
ZachXBT, a blockchain investigator, claims Apple is hindering investigations into fake crypto apps available on its Mac App Store. This follows a case where musician Garrett Dutton, known as G. Love, lost his entire life savings – 5.92 Bitcoin – to a fraudulent copy of the Ledger Live app that he downloaded directly from Apple’s official store.
On April 11, 2026, a man named Dutton lost around $424,175 in Bitcoin when he entered a 24-word security phrase into a fake app. He was trying to move his Bitcoin from a hardware wallet to a new Apple computer, and the funds were stolen almost immediately.
I’ve been following the drama around this, and ZachXBT just dropped a screenshot that’s got everyone talking. It showed a scan attempt blocked by the website’s infrastructure – basically, they *asked* urlscan.io to prevent it. ZachXBT’s take on it was pretty direct, implying something’s being hidden.
It seems Apple does not want people documenting the fact they allow fake apps on the App Store.
it seems Apple does not want people documenting the fact they allow fake apps on the App Store.
— ZachXBT (@zachxbt) April 12, 2026
How the $424K Theft Happened
According to Dutton’s post on X (formerly Twitter), he lost access to his crypto wallet during a normal setup process. He’d recently bought a new MacBook and needed to connect his Ledger hardware wallet to it. He found what looked like the official Ledger Live app in the Mac App Store, downloaded it, and followed the instructions, which unfortunately included entering his 24-word recovery phrase.
With just one action, attackers gained complete and irreversible control of all wallets connected to Dutton’s original seed phrase. The Bitcoin, which he’d earned over ten years, was stolen within minutes. Dutton posted about the loss – 5.9 BTC, representing a decade of work – and directly appealed to Apple for help.
After some people on X doubted his account, noting that Ledger devices usually require physical button presses to send transactions, Dutton explained that he had been tricked into willingly typing out his secret recovery phrase. This bypassed the security features of his hardware wallet. He shared on the platform, “I’ve been involved with crypto since 2017, and today I was caught off guard.”
ZachXBT Traces the Funds to KuCoin
Within a few hours, ZachXBT tracked the 5.92 Bitcoin that was stolen through nine different transactions. These transactions led to deposit addresses linked to the KuCoin exchange. He shared all the transaction details, which are still publicly available and can be checked on any Bitcoin block explorer.
ZachXBT went beyond just tracking the stolen funds. When asked if the money could be recovered, he didn’t think KuCoin would step in to help, pointing to what he sees as the exchange’s inconsistent approach to following rules. He highlighted KuCoin losing its EU MiCA license in February 2026 – shortly after receiving it – and suggested the hackers likely used a fast-exchange service that doesn’t require thorough identity verification to quickly convert and withdraw the funds.
The Apple Suppression Angle
As an analyst following this case, the most concerning development is the claim by ZachXBT that Apple is hindering independent investigation into the fraudulent listing. It appears the infrastructure owner requested to be excluded from scans by urlscan.io – a commonly used and free tool security researchers like myself rely on to analyze web infrastructure – which is what triggered the block.
When a respected researcher like ZachXBT points this out, it shifts the focus from one person’s bad luck to whether the platforms themselves are responsible. Ledger has consistently said it only distributes Ledger Live directly and that any app with a similar name but not from Ledger SAS is a fake. However, fake apps using deceptive tactics continue to appear on both the Apple and Microsoft app stores. Microsoft even confirmed a similar scam in 2023 that cost Ledger users almost $600,000.
As of today, Apple hasn’t publicly commented on the theft, the request for assistance from Dutton, or the claim that ZachXBT’s evidence was blocked.
A Pattern, Not an Isolated Incident
In 2025, cybersecurity company Moonlock discovered a type of macOS malware that tricked users into downloading a fake version of Ledger Live. This malicious software was designed to steal their cryptocurrency recovery phrases. The attack works by exploiting trust – users believe they’re downloading the official app from a trusted source, and then unknowingly enter their sensitive recovery phrase when prompted.
My research has shown a significant rise in crypto fraud. In 2025 alone, Americans lost over $11 billion to these scams, a jump from $9 billion the previous year. A particularly common and successful method attackers are using is phishing for seed phrases by pretending to be legitimate wallet software providers.
What Comes Next
It’s looking very difficult to get the stolen money back without help from law enforcement and KuCoin working together. Dutton plans to continue with his life and is thankful for his good health, family, and career in music. There are currently no plans to take legal action against Apple.
This recent event has really brought something to the surface that those of us in crypto have been discussing for ages – and that companies like Apple haven’t had to face. When people trust a platform like Apple, do their due diligence, and *still* lose a lot of money – we’re talking six figures – and then it’s made difficult to even figure out what went wrong, it’s no longer just a debate about *if* platforms should be held responsible, but *how*. It’s a real problem that needs to be addressed.
Read More
- Brent Oil Forecast
- GBP EUR PREDICTION
- USD ARS PREDICTION
- GBP JPY PREDICTION
- USD JPY PREDICTION
- CNY JPY PREDICTION
- Hong Kong Freezes Stablecoin Rollout, Leaving HSBC, Standard Chartered Waiting
- XRP’s Desperate Dance with Bitcoin: A Tragicomedy in Three Acts
- Binance’s Korean Comeback: A Tale of Crypto, Chaos, and 🤑
- Silver Rate Forecast
2026-04-13 13:41