Fake Ledger Live App in Microsoft App Store Results in $588K Stolen

Blind Signing refers to signing a transaction you don’t understand and cannot interpret in a human-readable format. This is where Ledger’s security model separates itself from the norm. Owing to this, Ledger secures 20% of the world’s total crypto value today.

Find the right Ledger hardware wallet for you

• These chips, found in every Ledger device, are designed to safeguard private keys and sensitive data by implementing multiple countermeasures against side-channel and fault attacks.
• All three tech behemoths have had run-ins with rogue apps on their stores – especially the official app store for Android smartphones and tablets, Google Play.
• Blind signing has led to many such significant losses in the crypto community, as users unknowingly authorize transactions that give scammers access to their assets.
• As of 2024, Ledger has sold over 7 million hardware wallets – none of which have ever been hacked.
• One of the biggest concerns for anyone practicing self-custody is losing their secret recovery phrase.
• Contrary to popular belief, your crypto wallet doesn’t ‘store’ any crypto.
• ZachXBT followed up with an update hours later confirming that the app’s developer had made off with $768,000 before Microsoft finally learned of the scam and yanked the app from its digital marketplace.
• It unapologetically pushed that update live, eliminating years of perception that private keys never left a hardware wallet.
• Staking cryptocurrency is similar to—but not exactly the same as—earning interest from your bank on your savings account.
• Ledger hardware wallets offer secure self-custody, and its security model is the reason Ledger has remained at the forefront of crypto security.

Designed with accessible sizing, enjoy the all new secure touchscreen user experience to manage crypto and NFTs. Private access keys are always stored in an isolated environment on hardware wallets, which eliminates the possibility of third-party access. Enter the official website and from here download the application that would coincide with the installed version of the operating system. After the download, run the executable file containing the application, perform the application installation. After finishing the process of installation, select the button „Finish”.

Characteristics About Ledger Live App for Mac OS:

Pick one and will now have accessed the wallet with your Ledger Nano. Members of the crypto community have lost $768,000 after downloading a fake Ledger Live app from the Microsoft app store. This application is supported by Windows 10, and both have 64-bit versions of the OS. For stable work, the minimum capacity of RAM should be at least 2 GB. Also, while installing the program, it may be necessary to allocate at least around 100 MB of free hard disk space for this purpose.

The Ledger Live JavaScript Ecosystem

Unlock the future of crypto security and style – buy a Ledger Stax. Because your digital assets deserve the ultimate premium experience. Ledger’s secure operating system is another important layer of defense. The Secure Ledger OS keeps different applications isolated from one another and ensures the information on the Secure Element is encrypted. This separation ensures that even if you are using multiple blockchain networks or interacting with various dApps, services, or apps, each one operates in its own secure environment.

Installation

The Fantom Ledger wallet app is currently available via ledger live , ledger-live-official.net in Experimental Mode. According to BleepingComputer, the fraudulent app had been in the store since Oct. 19. The cyber news site also shares a Reddit post by a person claiming to have lost their life’s savings – $18,500 bitcoin and about $8,000 in alt coins – to this rogue app’s developer. In a flash alert on X (formerly Twitter), cryptocurrency analyst ZachXBT sounded the alarm that Microsoft’s app market was housing a rogue app designed to steal crypto. As part of Ledger’s vision, this tool aims to onboard a new generation of crypto users by providing an easier, more secure way to embrace self-custody, rather than relying on centralized or insecure solutions. Instead, Ledger Sync uses the Ledger Key Ring Protocol to generate encryption keys directly from your Ledger device.

Unique code

This is thanks to the fact that Ledger Live is designed to work seamlessly with Ledger hardware wallets plugged into your mobile phone using the provided USB cable. When you set up a hardware wallet, a 24-word seed phrase is created, which is a backup copy of your keys. Ledger Live requires you to enter a PIN code every time you connect the device, preventing unauthorized access to your assets.

Discover what security feels like

This guarantees that “what you see is what you sign”, empowering users to never trust blindly but always verify directly on their device’s secure screen in a clear, understandable format. Hardware wallets are non-custodial wallets that come in many different types, but how would you know if they are truly secure? Some hardware wallets do not even have screens, which means you need to rely on the screens of your laptop, tablet, or mobile device. This places you at considerable risk because these screens are built for performance and not security and can be tampered with by bad actors. Ledger Live is the official mobile app for users of Ledger hardware wallets. It provides a secure way to manage and view cryptocurrency balances on the go directly from your mobile device.

Ledger Live Download & Install

• As a courtesy to the community, REKTbuildr forked Ledger Live software, removed its tracking codes, and uploaded the patched software to GitHub.
• With over 1 million units sold worldwide, the Ledger Nano S is the most popular hardware wallet.
• Transactions are signed inside the device, which eliminates the possibility of their interception by intruders.
• Without a secure screen, there is no way to know whether you’re signing a malicious transaction or not.
• Once you have unlocked your existing or newly configured Ledger hardware wallet, you can start using Ledger Live.
• After I sent a message I got a generic ‘we’ll be back to you asap’ and when they finally got back to me 2 days later I got a generic answer for a question I wasn’t asking.
• The developer, Ledger SAS, indicated that the app’s privacy practices may include handling of data as described below.

It is possible to get rewards by staking ETH, SOL, ATOM, ADA and several other coins and tokens. Join the 10,000+ crypto investors & enthusiasts who receive exclusive discounts, crypto investing and security guides, digital privacy protection tips and more every week. If you want to store or transfer Etheruem (or any tokens living on Etheruem) install the Eth app. Any group or individual on Telegram or WhatsApp claiming to be Ledger Support is trying to steal your crypto. As always, stay vigilant and never share your recovery phrase with anyone.

Official LEDGER LIVE™ download page

Sleuths have discovered a vast data harvesting operation by the world’s largest hardware wallet manufacturer, Ledger. The integrations with Ledger hardware wallets like Nano S, Nano X, and Stax guarantee the safety of the applications. In other words, all keys are stored on a hardware device, and it is physically impossible to steal them through the Internet. This application also supports two-step authentication and timely updated security. Most hardware wallets drive their screens with an MCU chip, which is not as secure as the Secure Element chip used in all Ledger devices.

Ledger Live Crypto Wallet

Naturally, Ledger had very little to say about analytics harvesting on its social media. Its disinterest comes as little surprise to the digital asset community. As a courtesy to the community, REKTbuildr forked Ledger Live software, removed its tracking codes, and uploaded the patched software to GitHub. The developer, Ledger SAS, indicated that the app’s privacy practices may include handling of data as described below. With the Fantom app running, access the Fantom fWallet homepage and click on the Ledger button. With Developer mode enabled, select Manager in the sidebar and search for Fantom.

With Ledger Live, it’s possible to manage and stake your digital assets, all from one place

Lastly, you will land on the Fantom app screen where you can confirm that the app is version 1.0.6 and it’s ready. To access the wallet, connect the Ledger to your computer and enter your pin. You can see your addresses information and balances, send FTM, stake FTM, mint sFTM and access the DeFi suite as well. Select the Apps installed tab to confirm the installation was successful. The scammer had “amended” his own version of the open source Ledger Live software before submitting it to the Microsoft Store. The app review team failed to notice some red flags, as highlighted by some.

Choose from a range of service providers – Paypal, Ramp, MoonPay, Sardine – and select the option that works best for you. Given all the signals that alert of a possible scam, it is uncertain how the fraudster managed to publish the app in the Microsoft Store. ZachXBT believes that the vetting process is not thorough enough. Microsoft reacted on the same day and removed the app from the store but the fraudster had already transferred more than $768,000 from victims.

• Unlike most apps, the Ledger Live crypto wallet app keeps your data directly on your phone or computer, so there’s no need to sign in using an email and password.
• Put simply, if the cryptocurrency runs on its own blockchain, then it is a coin.
• Put simply, using your phone or laptop to store private keys is like leaving a bank vault in the middle of a shopping mall.
• Ledger Recover gives you peace of mind and the power to regain access to your accounts—wherever you are, with just your identification.
• This makes complex crypto transactions understandable and transparent, giving you the confidence to make informed decisions.

For the time being, the safest place to download the official Ledger Live app is from the developer itself. For installation on Android devices, the version of the operating system must be higher than Android 7.0. You will need to allocate at least 100 MB of free space and 2 GB of RAM.

Can I handle multiple cryptocurrencies using the Ledger App?

Without a secure screen, there is no way to know whether you’re signing a malicious transaction or not. The Secure OS also ensures that all interactions with the Secure Element (which holds your private keys) are fully encrypted, providing an additional layer of protection. Whether you’re staking tokens, swapping assets, or managing NFTs across different blockchains, you can trust that your private keys and transaction data remain protected, even in the most complex operations. The beauty of using a crypto wallet is the security it provides to your private keys. The big idea behind crypto wallets is the isolation of your private keys from your easy-to-hack smartphone or computer – basically anything that can expose your private keys on the internet.

This guide provides complete step by step instructions on how to setup a new Ledger Nano S hardware wallet, using the Ledger Live application. With over 1 million units sold worldwide, the Ledger Nano S is the most popular hardware wallet. The device is praised for its security and its support for a wide variety of coins. If you do not already own one, you can purchase a Ledger Nano S here. To send or receive any crypto, the first thing you need to do on your new Ledger is install the apps for the cryptocurrencies you want to store.

Ledger: Self-Custody Meets Superior Security

„Ledger makes cold storage downright easy. My NFTs land infinitely safer and I don’t have to feel as paranoid about connecting to new smart contracts.” Always make sure your URL says „ledger.com” when using the Ledger website. Mentions of any cryptocurrencies or projects outside of the context of a legitimate Ledger-related question will be removed, and may result in a ban after repeated offenses. Flair is that little box displayed next to usernames saying „Ledger Customer Success” or something similar.

There is a limited association of your Ledger Live app on your computer with the iPhone platform and a full connection of the hardware wallet device with Android phones. Ledger has already shocked the community’s trust in its hardware wallets. In May, it announced a controversial Recover service that shared abilities to remotely decipher the private keys on one’s hardware wallet. It unapologetically pushed that update live, eliminating years of perception that private keys never left a hardware wallet.

When you are staking with Ledger Live, it is important to note that your private keys remain in your wallet at all times. This means that you remain in control of your cryptocurrency at all times. The cryptocurrencies that you can stake from your Ledger Live include, but are not limited to Tezos (XTZ), Solana (SOL), Ethereum (ETH) and much more. If you own some XTZ tokens, you can stake them through the Ledger Live app to help secure the Tezos blockchain. Similarly, if you own some TRX, you can stake them to help secure the Tron blockchain.

Once you have unlocked your existing or newly configured Ledger hardware wallet, you can start using Ledger Live. (If you are requiring further assistance, visit the support section of the official Ledger website. With staking, you earn rewards in return for locking up—or staking—your cryptocurrency in special contracts that help secure the blockchain network to which that cryptocurrency is native. To begin, download the Ledger Live app on your Android phone. Then, connect the OTG cable that came with your device to your phone. After scanning, in the next screen on your phone, you will see that Ledger Live will give you the option to select which accounts you want to synchronize with your iPhone.

• Moreover, if your Ledger device is locked or switched off, NFC capabilities are automatically powered off.
• Your crypto assets are stored on the blockchain and your crypto wallet simply allows you to manage those assets through an interface.
• The only thing Ledger cannot protect you from is user error.
• In the latter case, you simply need to enter your secret recovery phrase to unlock the device and set a new PIN.
• Ledger Live is the official mobile app for users of Ledger hardware wallets.
• The application is sending tracking data to a service called segment.io.

It serves as a user-friendly interface where you can seamlessly manage all your crypto assets and currencies in one secure place. Crypto wallets come in many forms, from hardware wallets, like Ledger’s, to mobile apps that you can download on your phone or tablet. You now know how to setup your Ledger Nano S with Ledger Live and send and receive transactions. As long as you protect your word seed and your Ledger Nano S physical device, then you can rest easily knowing your cryptoassets are being stored by the most secure method. Ledger’s reach is significant, and any of its users stand to benefit greatly from being able to transact with USDC on Stellar. USDC on Stellar combines the power and inclusivity of the Stellar network with one of the world’s fastest-growing digital dollar currencies.

Hackers can relatively easily and affordably replace the firmware on an MCU chip. If they manage to access the MCU that controls your wallet’s screen, they could bypass the need to access your private keys directly. Non-custodial wallets are crypto wallets that give you ownership over your digital assets—only you can manage your private keys. However, not all non-custodial wallets offer you the same kind of security. There are different types of crypto wallets, each with its own benefits and drawbacks.Hot wallets are connected to the internet and usually convenient to use, however, they are also vulnerable to online attacks. Cold wallets keep your private keys offline and out of reach of online threats.

• Transactions are signed inside the device, which eliminates the possibility of their interception by intruders.
• The intuitive interface provides ease of use for beginners, and the range of options allows you to cover all the needs of advanced traders.
• Without a secure screen, there is no way to know whether you’re signing a malicious transaction or not.
• As a courtesy to the community, REKTbuildr forked Ledger Live software, removed its tracking codes, and uploaded the patched software to GitHub.
• After I sent a message I got a generic ‘we’ll be back to you asap’ and when they finally got back to me 2 days later I got a generic answer for a question I wasn’t asking.
• With over 1 million units sold worldwide, the Ledger Nano S is the most popular hardware wallet.

After a sarcastic response from me I finally got a sensible, knowledgeable, answer, all be it a couple of days later again. Web3 wallets are extremely user friendly, letting you log in and navigate decentralized apps with ease all while keeping your private keys safe. Think of it as your digital superhero cape—giving you power and security in the wild, wild Web3. Hot wallets store private keys on systems connected to the internet, which makes them susceptible to online attacks.

After installation, navigate to the app on your Ledger device and open it.9. Use the buttons on your Ledger device to navigate and interact with the app. For example, you can send or receive transactions, check balances, and perform other actions depending on the app’s functionality.10.

Self-custody means you and you alone hold and manage your private keys, giving you full control over your digital assets. It eliminates the need for third-party custodians, making you solely responsible for the security of your assets. Been using this for a couple of months now and I move my crypto to my Nano X using my desktop app so I can scan the QR codes.

Once activated, Ledger Sync automatically updates your Ledger Live apps on both desktop and mobile every 10 seconds, eliminating the need for manual updates. Any changes to your accounts are instantly reflected across all your devices, ensuring consistency and saving you time. Ledger Live makes decentralized communication easy with apps like WalletChat and Inbox by Dispatch. These apps allow users to securely send messages between wallets and offer encrypted, wallet-based communication without relying on centralized messaging platforms. With E-Ink® technology, users enjoy optimized readability, the ability to display their favorite NFTs even when the device is off, and multi-device connectivity to smartphones or computers. Plus, with a battery that lasts weeks on a single charge, Ledger’s secure touchscreens combine convenience, security, and innovation in one sleek package.

For buying crypto, Coinify aggregates prices from different providers to ensure competitive deals. Ledger Live makes it so that even a newcomer to web3 can easily buy and sell crypto directly in the app through integrated buy providers like MoonPay, Coinify, and Transak. You can use your credit card to purchase a whole range of cryptocurrencies, all while keeping everything secure with your Ledger device. This results in reduced errors and a device that’s familiar to use, especially for those new to self-custody. Upon setup, every Ledger device prompts users to create a 4-to-8-digit PIN code to unlock the device. These wallets physically store your private keys within a chip inside the device itself.

All Ledger employees are given this flair to indicate their official status. The best thoughts focus on the idea rather than the person who’s communicating the idea, whether it’s someone on the forum or a public figure. This means that even if your computer or smartphone is attacked, the keys remain protected.

I added Crypto over a week ago in my desktop app (NEAR) and it’s still not showing in the phone app, making it utterly useless. These days it should be able to accomplish everything the desktop app can. After I sent a message I got a generic ‘we’ll be back to you asap’ and when they finally got back to me 2 days later I got a generic answer for a question I wasn’t asking.

For letting the bank hold your money, they pay you some interest on a regular basis. If you want to store or transfer Bitcoin, download the Bitcoin app. Again, anyone asking you for your recovery phrase is a criminal. The applications are user-facing programs which depend on one or more libraries. We will show the parallel actions between your devices where appropriate.

These chips, found in every Ledger device, are designed to safeguard private keys and sensitive data by implementing multiple countermeasures against side-channel and fault attacks. Due to the proprietary nature of these chips, parts of the Secure Element’s software remain closed source to protect the intellectual property tied to their functionality. Unlike traditional backup methods, it ensures your private keys remain entirely in your control, meaning your self-custody is never affected.