Over half a million dollars in Bitcoin has been stolen after a fake Ledger crypto wallet management app was downloaded from the Microsoft App Store and used by unsuspecting customers.
On Saturday, Blockchain analyst ZachXBT first posted on Twitter that hackers had made away with 16.8 Bitcoin—today worth $587,238—due to people downloading the malicious app.
Since then, he added, over $180,000 in Ethereum and BNB Smart Chain has been stolen, bringing the total value of lost crypto to $767,238.
ZachXBT subsequently reported that Microsoft had since removed the fake app from the store, posting screenshots of the App Store entry when it was available and an error message showing it had since been removed.
Microsoft’s press department did not immediately respond to Decrypt’s request for comment.
Ledger is a major hardware wallet company, but to use its products, users need to download an app to their computer. A malicious app would mean would-be crypto investors could end up sending their digital assets to a thief’s address, thinking it was be their new, safe, offline place for storing their coins and tokens.
Counterfeit or malicious apps are nothing new and have been an issue for Microsoft for over a decade. The software giant has previously said that it was working to combat the problem.
The number of hacks in the crypto space has rocketed this year. The notoriously complex and scammy decentralized finance (DeFi) space has mostly made headlines but increasingly sophisticated cyber criminals have also been targeting major crypto brands and wallets.
Ledger had also not responded to Decrypt’s questions by the time this story was published.