Verify a decision

{"actor":"system:backfill","investigation_id":"80a8e14e-8976-44ff-9253-740a398fbbd5","kind":"publish","page_slug":"fake-ledger-live-app","published_at":"2026-05-15T06:46:24.850Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"fake Ledger Live app","sections":[{"content":"Fake Ledger Live apps are a category of phishing and wallet-drainer scam in which threat actors publish fraudulent applications mimicking the official Ledger Live hardware wallet companion software. These apps are distributed through ostensibly trusted channels — official app stores operated by Microsoft and Apple, as well as compromised third-party websites — to exploit the implicit trust users place in curated software marketplaces. The primary attack vector is seed phrase harvesting: victims are prompted to enter their 12- or 24-word BIP39 recovery phrases, which attackers immediately transmit to attacker-controlled servers and use to drain all wallets derived from that phrase. Affected blockchains across documented incidents include Bitcoin, Ethereum, Tron, Solana, and Ripple (XRP). At least two major organized campaigns have been confirmed by on-chain investigators and security firms, with total documented losses exceeding $10.3 million as of April 2026.","heading":"Overview and Threat Classification","severity":"critical","sources":[{"credibility":1,"name":"Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"},{"credibility":1,"name":"Fake Ledger Live app on Apple's App Store stole $9.5M in crypto - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/"}]},{"content":"In October–November 2023, a fraudulent application titled 'Ledger Live Web3' was published to the Microsoft Store under the publisher name 'Official Dev.' The app was active from approximately October 19, 2023, through November 5, 2023. Blockchain investigator ZachXBT publicly flagged the malicious listing on November 5, 2023, prompting Microsoft to remove it the same day. The fraudulent app collected approximately 16.8 BTC (~$588,000) via 38 transactions to the primary Bitcoin address bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q, and an additional ~$180,000 across Ethereum and Binance Smart Chain to the secondary address 0x089ecf0703b8e85183f29725f87da40ae488b7b9, for a documented total of approximately $768,000. The app's description was copied verbatim from the legitimate Apple App Store listing. Its only notable review artifact was a single five-star rating and a fraudulent GitBook documentation page hosted at ladgerlivlugio.gitbook.io. One documented victim lost $26,500 in life savings. This was not reported to be the first such listing on Microsoft's platform; Ledger's official support account had previously issued warnings in December 2022 and March 2023 about earlier counterfeit Microsoft Store apps.","heading":"Microsoft Store Incident (November 2023)","severity":"critical","sources":[{"credibility":1,"name":"Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"},{"credibility":2,"name":"Rogue Developer Steals $768,000 in Crypto with Fake Ledger Live App - Bitdefender","type":"news","url":"https://www.bitdefender.com/en-us/blog/hotforsecurity/rogue-developer-steals-768-000-in-crypto-with-fake-ledger-live-app"},{"credibility":2,"name":"Ledger's fake hardware wallet app and fraud in Microsoft's App Store - Abstract Crypto","type":"news","url":"https://abstractcrypto.com/ledgers-fake-hardware-wallet-app-and-fraud-in-microsofts-app-store/"}]},{"content":"Between April 7 and April 13, 2026, a fraudulent Ledger Live application published to the Apple App Store under the developer account 'SAS Software Company' and publisher name 'Leva Heal Limited' caused losses of approximately $9.5 million across more than 50 victims. The app appeared in the macOS App Store under a name visually indistinguishable from the legitimate Ledger Live software. The malicious actor employed a 'bait-and-switch strategy,' according to Apple's stated explanation for the removal: the app was initially submitted with benign functionality and subsequently updated to harvest seed phrases once it passed review. The developer artificially inflated apparent legitimacy by releasing fake major version updates (versions 1.0 through 5.0) within two weeks. ZachXBT's on-chain investigation, published on April 14, 2026, identified the three largest individual victim losses: $3.23 million in USDT (April 9), $2.079 million in USDC (April 11), and $1.95 million in a combination of BTC, ETH, and stETH (April 8). Musician Garrett Dutton, known professionally as G. Love, lost 5.92 BTC (approximately $424,000–$447,000) described as his retirement fund. ZachXBT traced stolen funds through more than 150 KuCoin deposit addresses connected to a centralized mixing service called 'AudiA6.' KuCoin froze associated accounts, though recovery remained subject to law enforcement involvement. Apple stated it removed the app and terminated the developer account following community reports; the app had been live for approximately two weeks before removal. PhishFort analyst Shahar Madar independently identified and escalated the case directly to Apple's anti-fraud team. ZachXBT stated the incident may provide grounds for a class action lawsuit against Apple.","heading":"Apple App Store Incident (April 2026) — Leva Heal Limited / SAS Software Company","severity":"critical","sources":[{"credibility":1,"name":"Fake Ledger Live app on Apple's App Store stole $9.5M in crypto - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/"},{"credibility":1,"name":"Fake Ledger app on Apple App Store linked to $9.5M crypto theft - The Block","type":"news","url":"https://www.theblock.co/post/397388/fake-ledger-app-apple-app-store-crypto-theft-bitcoin-tron-solana-zachxbt"},{"credibility":1,"name":"A fake Ledger app on the Apple App Store drained $9.5M in crypto - CoinDesk","type":"news","url":"https://www.coindesk.com/business/2026/04/14/a-fake-ledger-app-on-the-apple-app-store-just-drained-usd9-5-million-in-crypto"},{"credibility":1,"name":"Apple Removes Fake Ledger App That Stole $9.5M From Users - CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/apple-removes-fake-ledger-app-stole-9-million-from-users"},{"credibility":2,"name":"ZachXBT Says Apple App Store Fake Ledger App Stole $9.5M From 50+ Victims - Bitcoin.com News","type":"news","url":"https://news.bitcoin.com/zachxbt-says-apple-app-store-fake-ledger-app-stole-9-5m-from-50-victims-in-one-week/"},{"credibility":1,"name":"Fake Ledger App Steals Millions in Bitcoin From Holders Including Musician G. Love - Decrypt","type":"news","url":"https://decrypt.co/364308/fake-ledger-app-steals-millions-bitcoin-crypto-musician-g-love"},{"credibility":2,"name":"Ledger Scam April 2026 — Flagged and Taken Down by PhishFort Analyst","type":"official","url":"https://phishfort.com/fake-crypto-apps-app-store-phishing-scam/"}]},{"content":"Across all documented variants, fake Ledger Live apps use a consistent attack mechanism. After installation, the app replicates the visual design and user experience of the legitimate Ledger Live interface. At a critical point in the user flow — typically a 'wallet setup,' 'account recovery,' or 'critical error' screen — the app displays a prompt requesting the user's 12- or 24-word BIP39 seed phrase. The prompt is framed as a routine security verification or wallet restoration step. Legitimate hardware wallet workflows do not require seed phrase entry into software; this request is the definitive indicator of fraud. Once entered, the seed phrase is transmitted over the network to an attacker-controlled server. Attackers then derive all child keys and drain associated wallets across every supported blockchain. The 'bait-and-switch' technique specifically refers to submitting an initially innocuous application for app store review, then updating the app post-approval to introduce the malicious phishing interface, exploiting the reduced scrutiny applied to app updates. On macOS, trojanized DMG installer variants replace a genuine installed Ledger Live binary with the malicious clone, activating a fake error screen on next launch.","heading":"Attack Technique: Seed Phrase Harvesting and Bait-and-Switch","severity":"critical","sources":[{"credibility":2,"name":"Anti-Ledger malware: The battle for Ledger Live seed phrases - Moonlock","type":"news","url":"https://moonlock.com/anti-ledger-malware"},{"credibility":1,"name":"Hackers use fake Ledger apps to steal Mac users' seed phrases - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/"},{"credibility":2,"name":"Ledger Scam April 2026 — Flagged and Taken Down by PhishFort Analyst","type":"official","url":"https://phishfort.com/fake-crypto-apps-app-store-phishing-scam/"}]},{"content":"Multiple security researchers have documented the use of homoglyph substitution in fake Ledger Live distribution. A homoglyph attack substitutes visually identical or near-identical Unicode characters from different scripts into app names and URLs. PhishFort documented a specific instance in which the Cyrillic character 'е' (U+0435) was substituted for the Latin 'e' in the app's URL path, rendering the URL visually indistinguishable to human readers while pointing to a different destination. The encoded form of the fraudulent URL appeared as /ledger-liv%D0%B5/ versus the legitimate /ledger-live/. Kaspersky researchers studying the broader FakeWallet/SparkKitty campaign documented additional typosquatting techniques — intentional misspellings in app names combined with near-identical icons — used to evade App Store keyword filters while deceiving users at a glance.","heading":"Homoglyph and Typosquatting Techniques","severity":"high","sources":[{"credibility":2,"name":"Ledger Scam April 2026 — Flagged and Taken Down by PhishFort Analyst","type":"official","url":"https://phishfort.com/fake-crypto-apps-app-store-phishing-scam/"},{"credibility":2,"name":"FakeWallet cryptostealer propagating via iOS App Store applications - Kaspersky Securelist","type":"news","url":"https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/"},{"credibility":2,"name":"Phishing crypto-wallet clones in the App Store - Kaspersky Blog","type":"news","url":"https://www.kaspersky.com/blog/ios-macos-fake-crypto-apps/55665/"}]},{"content":"In March 2026, Kaspersky researchers published findings on a campaign they designated FakeWallet, consisting of 26 fraudulent cryptocurrency wallet applications present in the Apple App Store. The campaign impersonated seven major wallets including Ledger, MetaMask, Coinbase, Trust Wallet, TokenPocket, imToken, and Bitpie. Kaspersky attributed the campaign with moderate confidence to the threat actors behind the SparkKitty Trojan, based on shared command-and-control infrastructure, Chinese-language debug logging, and overlapping targeting methodologies. SparkKitty is a mobile trojan targeting iOS and Android devices that harvests cryptocurrency recovery phrases from users' photo galleries and input events. For cold wallet apps such as Ledger Live, the campaign injected malicious React Native code that displayed phishing notifications matching the authentic app's UI, including mnemonic autocomplete functionality to reduce friction and appear legitimate. For hot wallet apps, the malware hijacked screen rendering methods to intercept seed phrase entry. RSA encryption was used to transmit harvested data to command-and-control servers. Almost all detected FakeWallet apps targeted Chinese iOS users by App Store region, though the malicious code carried no regional restriction. Apple removed 25 of 26 identified apps following Kaspersky's responsible disclosure; the 26th was subsequently removed with the developer's account terminated.","heading":"FakeWallet / SparkKitty Campaign (Kaspersky Research)","severity":"critical","sources":[{"credibility":2,"name":"FakeWallet cryptostealer propagating via iOS App Store applications - Kaspersky Securelist","type":"news","url":"https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/"},{"credibility":2,"name":"Kaspersky finds 26 fake crypto wallet apps on Apple's App Store - Kaspersky Press Release","type":"official","url":"https://www.kaspersky.com/about/press-releases/kaspersky-finds-26-fake-crypto-wallet-apps-on-apples-app-store-that-can-drain-digital-assets"},{"credibility":2,"name":"Phishing crypto-wallet clones in the App Store and other attacks on iOS and macOS crypto owners - Kaspersky Blog","type":"news","url":"https://www.kaspersky.com/blog/ios-macos-fake-crypto-apps/55665/"},{"credibility":2,"name":"Fake Crypto, Casino, and TikTok Clone Apps Spread SparkKitty Malware - CoinLive","type":"news","url":"https://www.coinlive.com/news/fake-crypto-casino-and-tiktok-clone-apps-on-google-play"}]},{"content":"Moonlock Lab began tracking a separate set of macOS-targeted fake Ledger Live campaigns starting in August 2024. These campaigns distribute trojanized DMG (disk image) installer files through compromised third-party websites rather than official app stores. By May 2025, Moonlock had identified four concurrent active campaigns. The Odyssey stealer, introduced by a threat actor using the handle 'Rodrigo' on or around March 19, 2025, represented a qualitative escalation: rather than merely stealing stored passwords and wallet configuration files, Odyssey replaced the user's installed Ledger Live binary with a malicious clone that phishes for seed phrases on next launch. The Atomic macOS Stealer (AMOS) subsequently adopted Rodrigo's technique. A threat actor using the handle '@mentalpositive' advertised a variant with explicit 'anti-Ledger' functionality on dark web forums in April–May 2025, with a sample first appearing April 17, 2025 and an updated variant on May 4, 2025. AMOS delivery infrastructure was found embedded in at least 2,800 compromised websites. Moonlock documented the evolution from early variants that could only exfiltrate passwords and wallet metadata to later variants capable of full seed phrase extraction, describing the progression as occurring within approximately one year.","heading":"Moonlock macOS Malware Campaigns (2024–2025)","severity":"critical","sources":[{"credibility":2,"name":"Anti-Ledger malware: The battle for Ledger Live seed phrases - Moonlock","type":"news","url":"https://moonlock.com/anti-ledger-malware"},{"credibility":2,"name":"Malware spread via fake Ledger apps is emptying crypto wallets - Moonlock","type":"news","url":"https://moonlock.com/malware-fake-ledger-apps"},{"credibility":1,"name":"Hackers use fake Ledger apps to steal Mac users' seed phrases - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/"},{"credibility":2,"name":"Fake Ledger Live Apps Target macOS Users - CryptoNews","type":"news","url":"https://cryptonews.com/news/fake-ledger-live-apps-target-macos-users/"}]},{"content":"ZachXBT's on-chain tracing of the April 2026 Apple App Store incident identified a consistent laundering pattern. Stolen funds across Bitcoin, Ethereum, Tron, Solana, and XRP were routed through more than 150 distinct KuCoin deposit addresses. These addresses were linked to a centralized crypto mixing service operating under the name 'AudiA6,' described as charging elevated fees to obfuscate the origin of funds. KuCoin's compliance team froze accounts associated with G. Love's stolen 5.92 BTC, but confirmed that recovery would require formal law enforcement involvement. ZachXBT noted the laundering methodology was consistent across the multiple victims, suggesting a single organized operation. The 2023 Microsoft Store incident did not have the same level of on-chain tracing publicly documented, though the two primary receiving addresses (bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q and 0x089ecf0703b8e85183f29725f87da40ae488b7b9) were publicly identified.","heading":"Money Laundering: KuCoin and AudiA6 Mixer","severity":"high","sources":[{"credibility":2,"name":"Fake Ledger App Alert: $9.5M Stolen From 50+ Victims via Apple App Store, Funds Laundered via KuCoin - CCN","type":"news","url":"https://www.ccn.com/education/crypto/fake-ledger-app-9-5m-stolen-50-victims-kucoin-laundering/"},{"credibility":2,"name":"ZachXBT Traces Multi-Million Crypto Scam to Fake Ledger Live iOS App - Crypto Economy","type":"news","url":"https://crypto-economy.com/zachxbt-traces-multi-million-crypto-scam-ledger/"},{"credibility":1,"name":"Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"}]},{"content":"Microsoft removed the 'Ledger Live Web3' listing from the Microsoft Store on November 5, 2023, the same day ZachXBT flagged it publicly. Microsoft did not issue a public statement addressing the failure of its developer verification process to prevent the listing. Apple removed the fake Ledger Live app attributed to 'SAS Software Company' / 'Leva Heal Limited' in mid-April 2026, after the app had been available for approximately two weeks and after public escalation by ZachXBT and PhishFort. Apple stated to CoinTelegraph that the app was removed for bait-and-switch violations and that the developer account was terminated. Apple noted that in 2024 it had removed or rejected more than 17,000 apps for bait-and-switch violations and blocked over 37,000 potentially fraudulent apps; however, critics noted that reactive removal after $9.5 million in losses demonstrated that pre-publication review was insufficient for high-risk financial application categories. ZachXBT publicly suggested the situation may provide grounds for a class action lawsuit against Apple. No such lawsuit had been filed as of the time of this investigation's writing.","heading":"Platform Response and Accountability","severity":"high","sources":[{"credibility":1,"name":"Apple Removes Fake Ledger App That Stole $9.5M From Users - CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/apple-removes-fake-ledger-app-stole-9-million-from-users"},{"credibility":1,"name":"Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - BleepingComputer","type":"news","url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"},{"credibility":2,"name":"Bogus crypto wallet on App Store steals $9.5M - AppleInsider","type":"news","url":"https://appleinsider.com/articles/26/04/14/bogus-crypto-wallet-on-app-store-steals-95m"}]},{"content":"Ledger's official support documentation states that Ledger Live is only officially distributed through ledger.com and that users should never enter seed phrases into any software application under any circumstances, including during wallet setup or recovery. Ledger has maintained a public-facing page tracking ongoing phishing campaigns. Security researchers consistently advise that the only authorized source for Ledger Live is the official Ledger website; the Mac App Store and Microsoft Store are not official Ledger distribution channels. The legitimate Ledger Live application never requests a seed phrase under any conditions — any prompt to enter a seed phrase is unambiguously fraudulent. Users who have entered seed phrases into any app should immediately transfer all assets to wallets derived from a new seed phrase generated on a trusted hardware device.","heading":"Protective Measures and Official Ledger Guidance","severity":"medium","sources":[{"credibility":1,"name":"Fraudulent Ledger Wallet applications - Ledger Support","type":"official","url":"https://support.ledger.com/article/fraudulent-ledger-live-applications"},{"credibility":1,"name":"Ongoing phishing campaigns - Ledger","type":"official","url":"https://www.ledger.com/phishing-campaigns-status"}]}],"sources_used":[],"summary":"Fake Ledger Live apps are malicious wallet impersonation applications distributed through official app stores — including the Microsoft Store and Apple App Store — that harvest cryptocurrency seed phrases to drain victims' wallets. Two major documented incidents have resulted in confirmed losses of at least $10.3 million: approximately $768,000 via the Microsoft Store in November 2023, and approximately $9.5 million via the Apple App Store in April 2026. Parallel macOS malware campaigns distributing trojanized DMG installers have been active since at least August 2024, with four concurrent active campaigns identified by security researchers.","timeline":[{"date":"2022-12","event":"Ledger's official support account issues warnings about counterfeit Ledger Live apps appearing on the Microsoft Store.","source":"BleepingComputer (referenced in 2023 coverage)","source_url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"},{"date":"2023-03","event":"Ledger support issues additional warnings about Microsoft Store counterfeits.","source":"BleepingComputer (referenced in 2023 coverage)","source_url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"},{"date":"2023-10-19","event":"'Ledger Live Web3' fraudulent app published to Microsoft Store under publisher 'Official Dev'.","source":"BleepingComputer","source_url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"},{"date":"2023-11-05","event":"ZachXBT publicly alerts community to fake Ledger Live app on Microsoft Store. Microsoft removes the app the same day. Confirmed on-chain losses total approximately $768,000 (16.8 BTC + ~$180K in ETH/BSC assets).","source":"BleepingComputer / ZachXBT","source_url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-in-microsoft-store-steals-768-000-in-crypto/"},{"date":"2024-08","event":"Moonlock Lab begins tracking macOS-targeted fake Ledger Live clone campaigns distributing trojanized DMG installers through compromised websites. Early variants steal passwords and wallet metadata but not seed phrases.","source":"Moonlock","source_url":"https://moonlock.com/anti-ledger-malware"},{"date":"2025-03-19","event":"Threat actor 'Rodrigo' deploys Odyssey stealer — a macOS malware that replaces the legitimate Ledger Live binary with a clone that phishes for seed phrases on next launch, enabling full wallet drain.","source":"Moonlock","source_url":"https://moonlock.com/anti-ledger-malware"},{"date":"2025-04-17","event":"First sample from threat actor '@mentalpositive' advertising explicit 'anti-Ledger' functionality on dark web forums appears.","source":"Moonlock","source_url":"https://moonlock.com/anti-ledger-malware"},{"date":"2025-04-21","event":"AMOS JandiInstaller campaign targeting Ledger Live users identified by Moonlock.","source":"Moonlock","source_url":"https://moonlock.com/anti-ledger-malware"},{"date":"2025-05-04","event":"@mentalpositive releases updated anti-Ledger malware variant with enhanced seed phrase extraction.","source":"Moonlock","source_url":"https://moonlock.com/anti-ledger-malware"},{"date":"2026-03","event":"Kaspersky researchers discover 26 FakeWallet apps in the Apple App Store impersonating Ledger and six other major wallets, attributed with moderate confidence to SparkKitty threat actors. Primarily targeting Chinese iOS users.","source":"Kaspersky Securelist","source_url":"https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/"},{"date":"2026-04-07","event":"Fake Ledger Live app published by 'Leva Heal Limited' / 'SAS Software Company' begins actively draining victim wallets via the Apple App Store.","source":"BleepingComputer / The Block","source_url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/"},{"date":"2026-04-08","event":"Victim loses $1.95 million in BTC, ETH, and stETH — the third-largest single loss in the Apple App Store incident.","source":"BleepingComputer / ZachXBT","source_url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/"},{"date":"2026-04-09","event":"Single victim loses $3.23 million in USDT — the largest individual loss in the incident. Musician G. Love loses 5.92 BTC (~$424,000-447,000).","source":"Decrypt / BleepingComputer","source_url":"https://decrypt.co/364308/fake-ledger-app-steals-millions-bitcoin-crypto-musician-g-love"},{"date":"2026-04-11","event":"Second victim loses $2.079 million in USDC.","source":"BleepingComputer / ZachXBT","source_url":"https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/"},{"date":"2026-04-13","event":"Active theft campaign ends after six days with total losses exceeding $9.5 million across 50+ victims on Bitcoin, Ethereum, Tron, Solana, and XRP.","source":"The Block / CoinDesk","source_url":"https://www.coindesk.com/business/2026/04/14/a-fake-ledger-app-on-the-apple-app-store-just-drained-usd9-5-million-in-crypto"},{"date":"2026-04-14","event":"ZachXBT publishes on-chain investigation findings. PhishFort analyst escalates case to Apple's anti-fraud team. Apple removes the fake app and terminates developer account.","source":"CoinDesk / CoinTelegraph / PhishFort","source_url":"https://phishfort.com/fake-crypto-apps-app-store-phishing-scam/"}]},"v":1}