There’s a rule that every crypto holder learns, or should learn, early: your seed phrase never goes anywhere near an internet-connected device. Not an app. Not a website. Not a computer. Only onto the hardware wallet itself, directly, during setup.
Garrett Dutton, the Philadelphia musician known as G. Love and frontman of G. Love & Special Sauce, learned that rule the hard way on April 11. He lost 5.9 Bitcoin, roughly $420,000, in what turned out to be one of the oldest tricks in the crypto scam playbook, delivered through one of the most trusted environments in consumer technology: the Apple App Store.
“I had a really tough day today. I lost my retirement fund in a hack/scam when I switched my Ledger over to my new computer,” Dutton posted on X. “All my BTC gone in an instant.”
How it happened
The setup was deceptively simple. Dutton had just bought a new Mac and needed to reconfigure his Ledger hardware wallet, a physical device that stores crypto keys offline and requires dedicated software, called Ledger Live, to manage. He opened the App Store, searched for Ledger, and downloaded what looked exactly like the real thing. It wasn’t.
The counterfeit app was listed under a third-party developer, not Ledger SAS, the company behind the hardware wallet. But it was polished enough to look legitimate. Once Dutton opened it and began what seemed like a routine setup, the app asked him to enter his 24-word seed phrase, the master key that controls access to everything in a crypto wallet.
A seed phrase should only ever be entered on the physical hardware device itself, never on a phone, laptop, or any software application, no matter how official it appears. The moment Dutton typed his into the fake app, the attackers on the other end had everything they needed. The drain was automated and near-instant.
Blockchain investigator ZachXBT traced the stolen funds independently. He confirmed that 5.92 BTC was moved across nine transactions, then deposited into KuCoin addresses, a common laundering pattern that routes stolen funds through a centralized exchange quickly to obscure the trail.
When asked whether recovery was likely, ZachXBT said he did not expect KuCoin to intervene, adding pointed commentary about the exchange’s compliance record. Dutton said the stolen Bitcoin represented a decade of savings. “I lost 5.9 BTC all I had for ten years I worked on this,” he wrote.
The broader problem with app stores
When this story spread on X, some users pushed back, questioning how a Ledger user of several years could have made this mistake. Dutton addressed the sceptics directly: “I been in the crypto circus since 2017. Today they caught me off guard.”
That response matters, because experience doesn’t make people immune to this. The attack mostly required a moment of inattention, a transitional situation like setting up a new device, and a fake app that looks good enough to pass a quick glance.
Ledger itself has repeatedly warned that both the Apple App Store and Google Play can host fake wallet applications that appear professional, carry fabricated reviews, and function normally right up until the moment they request a seed phrase.
The company’s official explicit guidance is to download Ledger Live only from ledger.com, never from an app store. That guidance exists precisely because the situation Dutton found himself happens regularly.
Beau, head of security at NFT project Pudgy Penguins, used the incident to issue a public advisory, highlighting the cardinal rule: a hardware wallet seed phrase should never be entered on any internet-connected device, under any circumstances, not for recovery, not for setup, not for software updates. The only legitimate place to enter it is on the hardware device itself.
The scale of the problem
Dutton’s case is painful in isolation. Set against the full picture of crypto fraud in 2025, it fits a pattern that’s growing harder to ignore.
According to the FBI’s Internet Crime Report, crypto-related fraud losses climbed to a record $11.36 billion in 2025. The Internet Crime Complaint Center received 181,565 crypto-related complaints last year, a 21 percent rise from 2024, with an average reported loss of $62,604 per incident. In total, 18,589 victims reported losses exceeding $100,000 each.
Phishing and impersonation-related losses surged roughly 1,400 percent year-over-year across the 2025 to 2026 period. Personal wallet theft alone accounted for approximately $713 million in losses across 158,000 incidents in 2025. Fake wallet apps, listed in reputable marketplaces under convincing names, have become one of the most frequently used vectors.
The uncomfortable question sitting in the background of this story is why Apple’s review process allowed a malicious financial application to remain live long enough to drain a musician’s retirement savings. Apple has not commented publicly on the incident, and no takedown notice has been confirmed.
For anyone holding crypto in self-custody, meaning you manage your own keys rather than leaving funds on an exchange, the lesson here is one worth repeating even if you’ve heard it before. Your seed phrase is the wallet. Whoever has those 24 words controls everything. An app, any app, should never be the thing you type them into.