Key Takeaways:
- Musician G. Love lost 5.92 BTC to a fake Ledger app on the Apple Mac App Store on April 11, 2026. The stolen stash at press time is worth $424,175.
- Onchain investigator ZachXBT confirmed the stolen funds were reportedly laundered through Kucoin deposit addresses.
- Ledger warns users to download software only from ledger.com, never app stores, to prevent seed phrase theft.
G. Love Bitcoin Hack
Garrett Dutton, frontman of G. Love & Special Sauce, publicly disclosed the loss the same day on X. He was setting up his Ledger hardware wallet on a new Apple computer when he searched the App Store for the official Ledger Live application. The app he downloaded appeared legitimate. It was not.
The fake app prompted him to enter his 24-word seed phrase, also called a secret recovery phrase. Once he typed it in, the attackers drained his bitcoin holdings immediately.
“I had a really tough day today I lost my retirement fund in a hack/scam when I switched my Ledger over to my new computer,” Dutton wrote on X. He posted the transaction hash and a bitcoin address, and asked followers who wanted to help him “re-up” to send funds.
He later confirmed that only his bitcoin was affected. No other holdings were involved.
Onchain investigator ZachXBT quickly traced the funds. He confirmed approximately 5.92 BTC was stolen and allegedly laundered across nine transactions into Kucoin deposit addresses. The transaction records are publicly visible on any BTC blockchain explorer.
Public reaction on X was divided. Many users expressed sympathy. Others raised questions about the plausibility of the story, noting that Ledger hardware wallets require physical confirmation on the device itself. Some pointed to the public donation address as a red flag. Dutton clarified he was socially engineered into entering the seed phrase voluntarily, which is the attack vector the scam was designed to exploit.
“I’m not it’s all good,” Dutton wrote. “It’s just hard to get scammed. F*** all yall haters that called me a liar. I been in the crypto circus since 2017. Today they caught me off guard. It was my own damn fault for not being more diligent. But let it serve as a warning. There’s so many scams.”
The incident follows a documented pattern targeting macOS users. Cybersecurity firm Moonlock reported in 2025 on malware designed to replace legitimate Ledger Live installations on macOS and prompt users to enter their seed phrases. Mac App Store searches for “Ledger” have returned impostor apps listed by third-party sellers rather than the real developer, Ledger SAS.
Ledger has stated for years that its software is only available through ledger.com. The company is not present in consumer app stores. Any app appearing under a different developer name is fraudulent.
The mechanics of this attack are straightforward. A user searches an app store, finds a convincing listing, installs it, and enters their seed phrase when the app requests it. At that point, the attacker has full, permanent access to every wallet derived from that phrase. The hardware wallet itself provides no protection once the seed is exposed.
Self-custody requires that the seed phrase never leave the physical Ledger device. It should only be entered directly on the device during initial setup. Typing it into any app, website, or computer compromises the entire wallet.
As of April 12, 2026, mainstream news outlets had not yet covered the story. Bitcoin.com News was the first to report on the incident. G. Love indicated he would move forward and expressed gratitude for his health, family, and music career, including a recent performance at Tortuga Fest.
No legal action has been announced.
