Garrett Dutton, widely recognized as musician G. Love, lost almost 6 BTC valued at over $424,000 after downloading a fraudulent Ledger app from Apple’s Mac App Store and entering his recovery phrase. Dutton is known for his solo work and his band G. Love & Special Sauce, blending blues, hip-hop, and rock. He remains active in the music scene, performing and recording new material.
How the scam unfolded on Mac App Store
Dutton explained that he was migrating his Ledger hardware wallet to a new Apple computer when he searched the Mac App Store for Ledger Live, the platform’s official management app. He downloaded what appeared to be a legitimate application, which then prompted him to enter his 24-word seed phrase.
After inputting the sensitive phrase, Dutton soon noticed that his entire Bitcoin balance had vanished. The stolen amount totaled 5.92 BTC, funds he described as his retirement savings accumulated over a decade of work in the music industry.
“I lost 5.9 BTC all I had for ten years I worked on this f#ck be careful out there,” Dutton stated as he warned others about the mistaken trust in app store listings.
On-chain researcher ZachXBT managed to trace the stolen Bitcoins. The funds reportedly moved through a series of deposit addresses linked to KuCoin, a major global crypto exchange based in Seychelles and serving millions of users. KuCoin provides trading services for a wide range of digital assets and has become known for its accessibility and global reach.
ZachXBT gave specifics on the transactions, publishing on social platform X the exact transaction IDs through which the Bitcoin had been laundered. These details highlighted the rapid and organized way attackers moved the cryptocurrency to make tracing and recovery more difficult.
Regulatory compliance and warnings to crypto users
When asked about potential fund recovery, ZachXBT indicated that KuCoin was unlikely to take action. He went further, accusing KuCoin of selective compliance with regulations, noting that the platform lost its Markets in Crypto-Assets (MiCA) license from European authorities only three months after being approved in February 2026. This incident raised broader questions about exchange oversight and regulatory adherence.
ZachXBT added that KuCoin continues to be exploited by criminals making use of numerous deposit addresses, suggesting the use of instant exchange services and insufficient safeguards in some cases. The persistent flow of illicit funds through broker and personal accounts on such platforms points to ongoing gaps in monitoring mechanisms.
Beau, head of security at NFT project Pudgy Penguins, also issued a public advisory. He emphasized that users should never enter their hardware wallet seed phrase into any internet-connected device, whether for so-called ‘recovery’ or purported updates.
He described how malicious actors routinely distribute fake wallet apps through various means, such as phishing emails, misleading advertisements, or even physical mail campaigns. Any unexpected prompt to download or update wallet software, Beau warned, should be treated with extreme skepticism until users independently verify the legitimacy of the source.
The high-profile nature of G. Love’s loss highlights the ongoing danger facing both experienced and novice crypto users. Even highly visible platforms like Apple’s Mac App Store can harbor deceptive apps targeting digital asset holders.
This incident underlines the importance of exclusive reliance on official channels when managing sensitive wallet information. As crypto-related scams grow more sophisticated, continued public education and robust platform vigilance remain essential lines of defense.
