Garrett Dutton (개릿 더튼), a U.S. musician known as G. Love (G. 러브), was tricked by a malicious app impersonating the crypto wallet app Ledger Live that he downloaded from Apple’s App Store and had 5.9 bitcoin worth $420,000 stolen.

Cointelegraph, a blockchain media outlet, reported on April 13 that Dutton said he entered a wallet recovery seed phrase into the app and then had his holdings stolen.

Dutton wrote on X, formerly Twitter, that he had been preparing the bitcoin he accumulated over about 10 years as retirement funds. He described the situation by saying, "I had a really tough day today" and "I lost 5.9 BTC in an instant."

After the incident, the flow of funds was also confirmed. Crypto specialist ZachXBT (잭엑스비티) said Dutton’s bitcoin moved through nine transactions to a KuCoin-related deposit address. KuCoin left a customer support-style notice on the post.

Dutton said he suffered the loss after installing the malicious software on a newly purchased MacBook Neo and entering the seed phrase. He did not disclose which link he used to download the app. He wrote, "I’ve been in the crypto market since 2017, but I let my guard down in this incident," and "It’s my fault for not being more careful, but please take this as a warning. There are too many scams."

Similar methods have been repeated for years. In 2023, several users who downloaded a fake Ledger Live app posted on the Microsoft app store had bitcoin stolen totaling close to $600,000. Microsoft acknowledged at the time that the malicious app bypassed its review process and later removed the app.

Such losses go beyond individual hacking cases and tie into a broader rise in crypto scam damages. The FBI said on April 8 that losses from crypto-related cases in the United States exceeded $11 billion in 2025. That was an increase from $9 billion the previous year.

The key in this case is not an exchange hack or a wallet vulnerability, but that disguised software that looked like an official app passed marketplace review or gained users’ trust and directly extracted the seed phrase. Because entering a seed phrase once can immediately transfer control of assets, the app installation route and the phrase-entry step are emerging again as major risk points.

I had a really tough day today I lost my retirement fund in a hack/Scam when I switched my @Ledger over to my new computer and by accident downloaded a malicious ledger app from the @Apple store. All my BTC gone in an instant.