A fake version of Ledger Live distributed via Apple’s App Store has been linked to at least $9.5 million in crypto theft, with victims now coming forward describing devastating losses, including entire retirement funds wiped out “in an instant.” […]
The phishing campaign, active between April 7 and April 13, impacted more than 50 suspected victims across Bitcoin, Ethereum-compatible networks, Tron, Solana and XRP. […]
Apple removed the fake Ledger Live app from the App Store, but questions remain about how it passed review and how long it was available.
This was the Mac App Store. It’s a team I’m extraordinarily familiar with and have tremendous affection for. I still have many friends working in App Review and I’m excruciatingly aware of their workload and the pressure to review and approve apps quickly.
Kudos to Apple for acting quickly to pull the app, but c’mon y’all. Shame on you—the individual reviewers, the managers, all the way up—for approving this app. What’s especially frustrating is the app was approved not once, but several times over the course of a week.
Any app that touches the financial system in any capacity should receive extraordinary vetting during the app review process—including by subject matter experts—and should never receive approval without positive confirmation that the app is legitimate. Is it more work? Absolutely, but it’s the right tradeoff for such an important category, and the alternative—as here—is so much worse.
As a reviewer, you should always ask yourself “Am I OK with my loved ones using this app?” If not, flag it. I’d rather read about the real Ledger app taking weeks to get approved than about fake apps scamming people out of their savings.