Philadelphia-based singer-songwriter Garrett DuttonHe is better known by his stage name G.Love of the group G. Love & Special Saucemade public a devastating financial setback. On April 11, 2026, Dutton revealed on social media that he had lost approximately 5.9 BTC since his retirement, worth over $420,000 at the time. saving.
The incident occurred during the transfer Notebook Installing a hardware wallet on a new computer.
I had a really tough day today, I lost my retirement fund to a hack/scam. @Notebook I moved to my new computer and accidentally downloaded a malicious notebook application. @Apple shopping centre. All my BTCs were suddenly gone.
— G. Love (@glove) April 11, 2026
In the process, he downloaded what appeared to be the official Ledger Live app directly from Apple’s Mac App Store.
However, the software was actually a fake version designed to collect sensitive information.
Dutton described that moment as a sudden and irreversible blow and noted that the entire balance of the ten-year history was disrupted. bitcoin After entering the 24-word recovery seed phrase into the fake app, it instantly disappeared.
He shared the transaction hash of the theft and even posted a Bitcoin address to appeal for community support to help rebuild his savings.
blockchain researcher ZachXBT Quickly tracked down stolen funds and verified roughly 5.92 Bitcoin were processed through a series of transactions and deposited to KuCoin addresses, effectively laundering the assets.
This latest episode highlights a persistent vulnerability in the cryptocurrency ecosystem where malicious applications that closely mimic legitimate wallet software are exploiting unsuspecting users.
Ledger users have encountered similar scams before. Cybersecurity in May 2025 researchers -most Moon Lock Lab Documented active campaigns distributing fake Ledger Live clones specifically targeting macOS users.
These scammers will replace the original app, display fake “critical error” alerts, and ask victims to enter exact recovery phrases under the guise of account recovery or security verification.
Once sent, the seed phrase was transmitted to attacker-controlled servers, which were instantly activated. purse drainage – exactly the method reportedly used against Dutton.
Ledger’s security history includes other high-profile incidents that triggered similar attacks.
The company’s 2020 customers data Breaching exposed names, email addresses, phone numbers and physical information of over a million users.
This leak triggered years of follow-up phishing The waves include fake firmware updates, email alerts, and even physical letters sent to victims encouraging them to “verify” their seeds via QR codes that link to fake apps.
by 2025 scammers It had begun impersonating Ledger support through cloned websites and app store listings, often leveraging the same database that had been leaked.
Official Notebook the documents repeatedly warn that the company will never ask for the 24-word recovery phrase through any app, email or website; however, these tactics remain successful because they target users during routine actions such as device migration or software updates.
While some online skeptics questioned the details of Dutton’s account, they pointed to Apple’s review process and the need for physical confirmation on the hardware. wallets— On-chain evidence and independent reporting confirmed the loss.
This serves as a painful reminder for crypto holders. We always need to verify app publishers (legitimate Notebook Live “Ledger SAS” is listed as the seller, fakes use unrelated entities), download software Get it from official sources only and never enter a seed phrase into any internet-connected device or third-party application. Equal hardware wallets It is only as secure as the user’s recovery phrase protection practices.
