Apple App Store Vetting Failures Enable $9.5M Ledger Scam in Rising Crypto Threat Pattern
The $9.5M fake Ledger app on Apple's App Store exposes a vetting breakdown; read alongside the Hyperbridge, Drift, and Bitcoin Depot incidents, it reveals overlooked patterns in state-linked crypto scams and gaps in platform accountability.
Apple's App Store approved a fake Ledger wallet app on April 7, and it remained available until its removal on April 13; roughly $9.5 million was drained from users who entered their seed phrases into the malicious app (https://www.web3isgoinggreat.com/?id=fake-ledger-app). One victim reported losing 5.9 BTC, valued at approximately $445,000, after migrating a Ledger to a new computer (G. Love tweet thread archive). ZachXBT traced the proceeds through KuCoin, noted that the three largest victims each lost seven figures, and pointed to the exchange's prior U.S. fines exceeding $20 million for AML and licensing violations (ZachXBT Telegram post archive; CoinDesk reporting). A hardware wallet's recovery phrase is restored on the device itself and never has to be typed into companion software; Ledger Live does not ask for it, so any app that does is a phishing prompt regardless of which store distributed it.
The Ledger incident sits alongside several concurrent events. The Hyperbridge bridge exploit netted attackers $237,000 in minted DOT less than two weeks after an April Fools' prank claiming a $37 million Lazarus Group drain (Protos archive; 0xMarforio tweet archive). The Solana-based Drift protocol lost $285 million in a durable-nonce attack that seized Security Council powers, attributed to sophisticated social engineering with North Korean ties; Circle did not freeze the associated USDC for six hours (The Block reporting; Drift Protocol tweet thread). Solana's durable nonces let a signed transaction stay valid until the nonce account is advanced, rather than expiring with its recent blockhash within roughly a minute of signing, so a transaction an administrator is tricked into signing can be held and submitted at a time of the attacker's choosing. Bitcoin Depot separately disclosed a March 23 compromise of IT systems and wallet credentials in which 50.9 BTC worth $3.67 million was stolen (SEC Form 8-K, April 2024).
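The durable-nonce mechanism behind the Drift takeover, as an added example that is not code from this page, from Drift, or from Solana's own libraries: a pre-signing check that parses a legacy Solana transaction message from its wire bytes and flags any message whose first instruction is the System Program's AdvanceNonceAccount, which is how a durable-nonce transaction is recognised. The message layout, compact-u16 encoding and instruction tags follow the Solana wire format; every key, hash and sample message in the block is constructed placeholder data, and the `review`, `serialize_legacy` and `parse_legacy` names are this example's own.

```python
"""Pre-signing check: does a Solana message use a durable nonce?

Added example; not code from the page, Drift or Solana. A durable-nonce
transaction carries System Program AdvanceNonceAccount as instruction 0 and the
nonce value in its recent_blockhash slot. Legacy message format only (a versioned
message's first byte has the high bit set). All keys and hashes are constructed.
"""
from dataclasses import dataclass

SYSTEM_PROGRAM_ID = bytes(32)  # base58 "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4      # SystemInstruction enum tag, bincode u32 LE
SYSTEM_TRANSFER = 2

def encode_compact_u16(n: int) -> bytes:
    """Solana compact-u16: 7 data bits per byte, little-endian, MSB = more."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)

def decode_compact_u16(buf: bytes, pos: int) -> tuple[int, int]:
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

@dataclass
class Instruction:
    program_id: bytes
    accounts: list[int]  # indices into Message.account_keys
    data: bytes

@dataclass
class Message:
    account_keys: list[bytes]
    recent_blockhash: bytes  # a real blockhash, or the nonce value
    instructions: list[Instruction]

def serialize_legacy(num_sigs: int, num_ro_unsigned: int, msg: Message) -> bytes:
    """3-byte header, compact-u16 key count + 32-byte keys, blockhash, instructions."""
    out = bytearray([num_sigs, 0, num_ro_unsigned])
    out += encode_compact_u16(len(msg.account_keys)) + b"".join(msg.account_keys)
    out += msg.recent_blockhash + encode_compact_u16(len(msg.instructions))
    for ix in msg.instructions:
        out.append(msg.account_keys.index(ix.program_id))
        out += encode_compact_u16(len(ix.accounts)) + bytes(ix.accounts)
        out += encode_compact_u16(len(ix.data)) + ix.data
    return bytes(out)

def parse_legacy(buf: bytes) -> Message:
    if buf[0] & 0x80:
        raise ValueError(f"versioned message v{buf[0] & 0x7F}: legacy parser only")
    n_keys, pos = decode_compact_u16(buf, 3)  # header occupies bytes 0..2
    keys = [buf[i:i + 32] for i in range(pos, pos + 32 * n_keys, 32)]
    pos += 32 * n_keys
    blockhash, pos = buf[pos:pos + 32], pos + 32
    n_ix, pos = decode_compact_u16(buf, pos)
    ixs = []
    for _ in range(n_ix):
        pid, pos = keys[buf[pos]], pos + 1
        n_acc, pos = decode_compact_u16(buf, pos)
        accs, pos = list(buf[pos:pos + n_acc]), pos + n_acc
        n_data, pos = decode_compact_u16(buf, pos)
        ixs.append(Instruction(pid, accs, buf[pos:pos + n_data]))
        pos += n_data
    if pos != len(buf):
        raise ValueError("trailing bytes after last instruction")
    return Message(keys, blockhash, ixs)

def uses_durable_nonce(msg: Message) -> bool:
    """True iff instruction 0 is System Program AdvanceNonceAccount."""
    if not msg.instructions:
        return False
    first = msg.instructions[0]
    return (first.program_id == SYSTEM_PROGRAM_ID and len(first.data) == 4
            and int.from_bytes(first.data, "little") == ADVANCE_NONCE_ACCOUNT)

def review(buf: bytes) -> str:
    if uses_durable_nonce(parse_legacy(buf)):
        return "DURABLE NONCE: signature stays valid until the nonce account is advanced"
    return "blockhash-bound: expires within about a minute of the blockhash"

# Constructed placeholder keys (not real accounts); AdvanceNonceAccount takes
# [nonce account, RecentBlockhashes sysvar, nonce authority].
SIGNER, NONCE_ACCOUNT, TREASURY = bytes([0x11] * 32), bytes([0x22] * 32), bytes([0x33] * 32)
RECENT_BLOCKHASHES_SYSVAR, BLOCKHASH, NONCE_VALUE = bytes([0x44] * 32), bytes([0xAB] * 32), bytes([0xCD] * 32)
TRANSFER_DATA = SYSTEM_TRANSFER.to_bytes(4, "little") + (1_000_000).to_bytes(8, "little")

# Ordinary transfer: keys ordered [signer, writable, read-only program], so ro_unsigned = 1.
NORMAL_TX = serialize_legacy(1, 1, Message([SIGNER, TREASURY, SYSTEM_PROGRAM_ID], BLOCKHASH,
                                           [Instruction(SYSTEM_PROGRAM_ID, [0, 1], TRANSFER_DATA)]))

# Same transfer made durable: AdvanceNonceAccount first, nonce value in the blockhash slot.
NONCE_TX = serialize_legacy(1, 2, Message(
    [SIGNER, NONCE_ACCOUNT, TREASURY, RECENT_BLOCKHASHES_SYSVAR, SYSTEM_PROGRAM_ID], NONCE_VALUE,
    [Instruction(SYSTEM_PROGRAM_ID, [1, 3, 0], ADVANCE_NONCE_ACCOUNT.to_bytes(4, "little")),
     Instruction(SYSTEM_PROGRAM_ID, [0, 2], TRANSFER_DATA)]))
```

Calling `review(NONCE_TX)` returns the DURABLE NONCE verdict while `review(NORMAL_TX)` reports a blockhash-bound message. In practice the bytes come from the serialized message a signing tool presents for approval; a versioned (v0) message additionally carries address-lookup-table entries and needs a parser this example deliberately omits, which is why it refuses such input rather than misreading it.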
Primary coverage omitted the systemic overlap. Apple's static review inspects the binary, not what the app does with text a user types into it, and so missed the runtime seed-capture behavior also seen in the 2022 fake wallet campaigns cited in Elliptic research, while KuCoin's role mirrors the laundering paths documented in the Chainalysis 2023 Crypto Crime Report, which estimates that North Korean actors have extracted $1.1 billion since 2017. Together these cases show how app store distribution, DeFi admin compromises, and exchange gaps form a single attack surface that siloed reporting misses.
AXIOM: Apple's reliance on static app review will likely enable repeat seed-phrase malware distributions, as threat actors refine the techniques seen in Drift and Hyperbridge to target both retail users and protocols.
Sources (3)
- [1] Fake Ledger App Drains $9.5M (https://www.web3isgoinggreat.com/?id=fake-ledger-app)
- [2] Drift $280M Exploit and Circle Criticism (https://www.theblock.co/post/284000/drift-says-280m-exploit-tied-to-sophisticated-admin-takeover)
- [3] Hyperbridge Exploit After April Fools Prank (https://protos.com/hyperbridge-exploited-less-than-two-weeks-after-april-fools-day-hack-prank/)