Update, April 15, 2.06 p.m. ET: Apple reached out to 9to5Mac with more information, which you can find below the original post.
Just as CoinDesk reported that a fake Ledger app had drained millions from App Store users, TechCrunch revealed that another app had been harvesting sensitive user data. Apple pulled both today. Here are the details.
Fake scan app stole funds from at least 50 users
According to CoinDesk, at least 50 people had their Bitcoin, Ethereum, Solana, Tron, and XRP funds stolen between April 7 and April 13, after a malicious app called Ledger Live slipped through review and landed on the App Store.
Three of the largest victims lost seven-figure sums, with $3.23 million in USDT being stolen on April 9, $2.08 million of USDC on April 11 and $1.95 million in BTC, ETH and stETH being drained on April 8.
The report says that the funds were traced to KuCoin deposit addresses associated with Audi A6, “a centralized crypto mixing service known for charging high fees to obfuscate illicit flows.”
CoinDesk says Apple removed the app from the App Store, but didn’t respond to requests for comment. Neither did KuCoin, which has faced legal troubles associated with money laundering violations.
It is not immediately clear how Ledger Lite got past app review, nor why Apple didn’t take action when the first reports of stolen funds began appearing after April 7.
CoinDesk’s report notes that “the incident may form the basis for a class-action lawsuit,” according to Blockchain investigator ZachXBT.
A rough day for App Store review
The Ledger Live case wasn’t the only one to raise App Store concerns today.
According to TechCrunch, Apple pulled a data harvesting app called Freecash from the App Store, after the app “appears to have tricked users as it quickly rose to the top charts” over the past few months.
The report notes that Freecash became popular on TikTok by promising users they could “make money just by scrolling TikTok,” when in reality, users were effectively trading sensitive personal data for rewards:
A Malwarebytes report notes that the app may collect information about users’ race, religion, sex life, sexual orientation, health, and other biometrics, adding that the app is essentially a data broker looking to match game developers with users who are willing to install and spend money on mobile games. Games promoted on Freecash include Monopoly Go and Disney Solitaire, among others.
The Malwarebytes report came just days after Wired also looked into the app, raising concerns about its misleading marketing and the scope of the user data it may have been collecting.
TechCrunch’s own investigation, based on data from Appfigures and AppMagic, found that an earlier version of Freecash, published by Almedia GmbH, was removed from the App Store in mid 2024.
Months later, an existing app called Rewards, published by Cyprus-based 256 Rewards Ltd, was rebranded as Freecash and climbed into the top charts, raising questions about whether Almedia used another developer account to return to the App Store.
Here’s TechCrunch:
Almedia’s re-entry into the App Store through another developer account may have been a way of circumventing a ban on the initial Freecash app. Using another developer to re-enter the App Store after a ban is a common, though rule-breaking, tactic. (Almedia’s spokesperson declined to comment about its earlier app takedown.)
A Washington Post report about the scam app ecosystem noted this trend, highlighting several fraudulent apps that would disappear from the App Store and then reappear under a different developer account. Other independent investigations have documented this tactic as well, and often, scam apps’ owners operate a portfolio of accounts, it’s been reported.
TechCrunch says that Freecash was removed from the App Store after the site reached out to Apple for comment, as it worked on the story:
After TechCrunch reached out to Apple for comment, the company removed Freecash from the App Store for violations of its rules on Monday, citing the misleading marketing. Apple pointed TechCrunch to two App Store Review Guidelines, 3.1.2(a) and 2.3.1, which forbid scamming users, engaging in bait-and-switch tactics, and marketing apps in a misleading way.
Almedia, meanwhile, “denied allegations of driving artificial traffic to its platform or using deceptive marketing techniques,” and added that its apps “are fully compliant with the Apple App Store and Google Play Store policies, as demonstrated by the fact that they are live and regularly pass platform reviews.”
Update, April 15, 2.06 p.m. ET: In a statement to 9to5Mac, Apple said it has zero tolerance for fraudulent or malicious apps, pointing to its App Review Guidelines, which prohibit apps that try to scam users, include hidden or undocumented features, or rely on bait-and-switch tactics.
The company confirmed that, in addition to removing the Ledger Live app from the App Store, the developer account associated with it was terminated. Apple also said users can report scams, fraud, and other abusive or illegal content through https://reportaproblem.apple.com/, stressing that it takes such reports seriously and will take immediate action against apps that violate its guidelines.
As for Freecash, Apple also removed the app from the App Store and terminated the developer’s account over violations of App Review Guidelines sections 3.1.2(a) Permissible uses, and 3.2.2 Unacceptable, which cover misleading business practices, deceptive app behavior, and attempts to scam users.
Finally, Apple pointed to a study published in May 2025, which found that in the previous year, it removed or rejected more than 17,000 apps for bait-and-switch violations, rejected over 320,000 submissions for being spam, misleading, or copying other apps, and blocked more than 37,000 potentially fraudulent apps from reaching users.
Worth checking out on Amazon
- David Pogue – ’Apple: The First 50 Years’
- MacBook Neo
- Logitech MX Master 4
- AirPods Pro 3
- AirTag (2nd Generation) – 4 Pack
- Apple Watch Series 11
- Wireless CarPlay adapter
FTC: We use income earning auto affiliate links. More.
Comments