> Blockchain investigator ZachXBT later traced the stolen 5.92 BTC [0], showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.
Ah, there's nothing else quite like a Seychelles-based cryptocurrency exchange which was booted from the US for facilitating money laundering. This is good for Bitcoin.
Thankfully the App Store doesn't allow side loading, because it completely stops fraud like this. At least that's the number one reason why I keep getting told if we allow side loading this will happen.
Is there more scams of web3 in the App Store or on the open internet? Not defending Apple but kind of a strawman to claim they said it stops 100% of fraud and abuse. That’s like saying seatbelts don’t work because people still get hurt in car crashes.
Eh, kinda a weak argument. Too easy to counter with "but sideloading would let that happen more!" That might even be right, and a difference in amount is important. There will never be a totally secure system, after all.
I think the actual problem is with how the App Store changes the way people think about and relate to software. The fact is, running code on your computer is dangerous. You are trusting it with control over its operations. The responsible thing to do is provide platform-level safeguards (permissions systems, sandboxing) and engender a general understanding that you should only run an app vetted by someone you would hand your phone to.
This is fundamentally incompatible with software as a market, of course, so this path will never be taken.
> people entered their seed phrases into the app, then discovered their wallets were immediately drained.
Why did they cash out immediately? Wouldn't it be much smarter to send the seed phrase to a server and stay undetected for longer just collecting seed phrases until you sweep them all at once?
But perhaps they just made a transaction directly from the app to a hardcoded address. Not making any additional network requests might decrease the chance of being flagged by automated systems in the Appstore review process. Then again you could just disguise these requests as ordinary block chain connections.
I'm probably over thinking this and it was just a quick and dumb money grab.
They only needed it to exist on the app store for a week before stealing millions with zero recourse.
These wealthy crypto people need to stop being cheap and hire financial advisors. The only reason for not doing so is if it was gained illegally in the first place.
If apple were liable for this you could do a double dip where you use your own fake app to "steal" money from a massive wallet you own and get apple to pay you back for "your loss". In addition to your other ill gotten gains.
But have you thought of children? God forbid they give money to illegitimate scammers when legitimate one aren’t getting enough cash from legal gambling like loot boxes.
This should not have happened. But I have a hard time finding any sympathy for cryptocurrency folks. The quote from the article:
"I lost my retirement fund in a hack/Scam when I switched my Ledger over to my new computer and by accident downloaded a malicious ledger app from the Apple store. All my BTC gone in an instant."
Leaves me really shaking my head. If someone has the knowledge to even buy bitcoin or cryptocurrency, I imagine they have enough knowledge to know how utterly crime-ridden and risky of a speculation it is. It's like if someone decides to put their retirement fund into buying bulk illegal drugs and then selling them at a massive markup. Pretty risky, potential high upside, but given they assessed and then accepted the risk, hard to feel bad when they get robbed of all their drugs and lose their retirement funds.
Source article: https://www.coindesk.com/business/2026/04/14/a-fake-ledger-a...
Choice quote:
> Blockchain investigator ZachXBT later traced the stolen 5.92 BTC [0], showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.
Ah, there's nothing else quite like a Seychelles-based cryptocurrency exchange which was booted from the US for facilitating money laundering. This is good for Bitcoin.
[0]: https://t.me/investigations/313#
Thankfully the App Store doesn't allow side loading, because it completely stops fraud like this. At least that's the number one reason why I keep getting told if we allow side loading this will happen.
Is there more scams of web3 in the App Store or on the open internet? Not defending Apple but kind of a strawman to claim they said it stops 100% of fraud and abuse. That’s like saying seatbelts don’t work because people still get hurt in car crashes.
The App Store is totally safe, so I don't need to think about what I download or do any due diligence!
Eh, kinda a weak argument. Too easy to counter with "but sideloading would let that happen more!" That might even be right, and a difference in amount is important. There will never be a totally secure system, after all.
I think the actual problem is with how the App Store changes the way people think about and relate to software. The fact is, running code on your computer is dangerous. You are trusting it with control over its operations. The responsible thing to do is provide platform-level safeguards (permissions systems, sandboxing) and engender a general understanding that you should only run an app vetted by someone you would hand your phone to.
This is fundamentally incompatible with software as a market, of course, so this path will never be taken.
If they did, we’d be reading about such cases daily.
So certainly the DUNS, phone number, and physical address information will give up the perpetrators, thank goodness for Apple developer registration.
> people entered their seed phrases into the app, then discovered their wallets were immediately drained.
Why did they cash out immediately? Wouldn't it be much smarter to send the seed phrase to a server and stay undetected for longer just collecting seed phrases until you sweep them all at once?
maybe they had a check to determine total value of all collected seeds and then triggered auto sweeps from a certain threshold to guarantee a minimum.
Not sure what the game theory optimal way of stealing is!
That would make sense.
But perhaps they just made a transaction directly from the app to a hardcoded address. Not making any additional network requests might decrease the chance of being flagged by automated systems in the Appstore review process. Then again you could just disguise these requests as ordinary block chain connections.
I'm probably over thinking this and it was just a quick and dumb money grab.
Game theory of cybercrime is way too interesting.
Here is the archived App store page...
https://archive.ph/4RVLf
Entering your seed phrase with that much money on a phone is really non-sense :/
Unidirectional wall garden.
They only needed it to exist on the app store for a week before stealing millions with zero recourse. These wealthy crypto people need to stop being cheap and hire financial advisors. The only reason for not doing so is if it was gained illegally in the first place.
A lot of people got into crypto because they want to manage their own money. They aren't going to use crypto financial advisors.
> A lot of people got into crypto because they want to manage their own money
uncontrollable laughter
Apple should be liable for this.
If Walmart sells a dangerous product, even unknowingly, they can be liable. Why are digital stores different?
If apple were liable for this you could do a double dip where you use your own fake app to "steal" money from a massive wallet you own and get apple to pay you back for "your loss". In addition to your other ill gotten gains.
Walmart wasn't created late enough in the 2nd gilded age to effectively lobby the government against having any rules
I thought that Apple was reviewing each and every app which was the reason that justified them getting a silly 30% margin from all app revenues?
Apple only banned they app because they didn't get a 30% cut of the stolen crypto
Does this mean that because seatbelts and air bags exist to save my life in a crash I should be less careful driving?
Like staying warm, it’s all about layers.
I thought that Apple ecosystem had no bad apps as it prevented sideloading. I have heard that as reasoning to prevent it multiple times here on HN.
"A plane crashed? See! FAA regulations are useless and the agency needs to be disbanded."
I think people are less safe overall because they believe the walled garden is safe and they let their guard down.
hOw WOulD mY graNDparNtS AvOiD getTiNG sCAmmED iF APPLE did nOT locK dOWn evEryThinG ?
Not "investing" in cryptocurrency would be a good start. =)
But have you thought of children? God forbid they give money to illegitimate scammers when legitimate one aren’t getting enough cash from legal gambling like loot boxes.
ThEY sHoUlD Pay AttENtIoN tO WhAt tHey aR3 d01n6!
Apple should be on the hook for that. If you moderate, you are responsible for damage.
Censor, not moderate. Let's be honest.
Contact your representative?
This should not have happened. But I have a hard time finding any sympathy for cryptocurrency folks. The quote from the article:
"I lost my retirement fund in a hack/Scam when I switched my Ledger over to my new computer and by accident downloaded a malicious ledger app from the Apple store. All my BTC gone in an instant."
Leaves me really shaking my head. If someone has the knowledge to even buy bitcoin or cryptocurrency, I imagine they have enough knowledge to know how utterly crime-ridden and risky of a speculation it is. It's like if someone decides to put their retirement fund into buying bulk illegal drugs and then selling them at a massive markup. Pretty risky, potential high upside, but given they assessed and then accepted the risk, hard to feel bad when they get robbed of all their drugs and lose their retirement funds.