Key Takeaways:
Musician G. Love misplaced 5.92 BTC to a pretend Ledger app on the Apple Mac App Retailer on April 11, 2026. The stolen stash at press time is value $424,175. Onchain investigator ZachXBT confirmed the stolen funds had been reportedly laundered by means of Kucoin deposit addresses. Ledger warns customers to obtain software program solely from ledger.com, by no means app shops, to stop seed phrase theft.
G. Love Bitcoin Hack
Garrett Dutton, frontman of G. Love & Particular Sauce, publicly disclosed the loss the identical day on X. He was establishing his Ledger {hardware} pockets on a brand new Apple pc when he searched the App Retailer for the official Ledger Stay software. The app he downloaded appeared authentic. It was not.
The pretend app prompted him to enter his 24-word seed phrase, additionally referred to as a secret restoration phrase. As soon as he typed it in, the attackers drained his bitcoin holdings instantly.
“I had a extremely powerful day at the moment I misplaced my retirement fund in a hack/rip-off after I switched my Ledger over to my new pc,” Dutton wrote on X. He posted the transaction hash and a bitcoin handle, and requested followers who needed to assist him “re-up” to ship funds.
He later confirmed that solely his bitcoin was affected. No different holdings had been concerned.
Onchain investigator ZachXBT shortly traced the funds. He confirmed roughly 5.92 BTC was stolen and allegedly laundered throughout 9 transactions into Kucoin deposit addresses. The transaction data are publicly seen on any BTC blockchain explorer.
Public response on X was divided. Many customers expressed sympathy. Others raised questions in regards to the plausibility of the story, noting that Ledger {hardware} wallets require bodily affirmation on the system itself. Some pointed to the general public donation handle as a purple flag. Dutton clarified he was socially engineered into coming into the seed phrase voluntarily, which is the assault vector the rip-off was designed to use.
“I’m not it’s all good,” Dutton wrote. “It’s simply onerous to get scammed. F*** all yall haters that referred to as me a liar. I been within the crypto circus since 2017. Right this moment they caught me off guard. It was my very own rattling fault for not being extra diligent. However let it function a warning. There’s so many scams.”
The incident follows a documented sample focusing on macOS customers. Cybersecurity agency Moonlock reported in 2025 on malware designed to exchange authentic Ledger Stay installations on macOS and immediate customers to enter their seed phrases. Mac App Retailer searches for “Ledger” have returned impostor apps listed by third-party sellers reasonably than the true developer, Ledger SAS.
Ledger has said for years that its software program is simply obtainable by means of ledger.com. The corporate is just not current in client app shops. Any app showing beneath a distinct developer title is fraudulent.
The mechanics of this assault are simple. A person searches an app retailer, finds a convincing itemizing, installs it, and enters their seed phrase when the app requests it. At that time, the attacker has full, everlasting entry to each pockets derived from that phrase. The {hardware} pockets itself gives no safety as soon as the seed is uncovered.
Self-custody requires that the seed phrase by no means depart the bodily Ledger system. It ought to solely be entered immediately on the system throughout preliminary setup. Typing it into any app, web site, or pc compromises your complete pockets.
As of April 12, 2026, mainstream information shops had not but coated the story. Bitcoin.com Information was the primary to report on the incident. G. Love indicated he would transfer ahead and expressed gratitude for his well being, household, and music profession, together with a latest efficiency at Tortuga Fest.
No authorized motion has been introduced.
