Very strange story. The author claims that he downloaded Ledger Live from the App Store and the wallet passed the authenticity check normally. So the problem is unlikely to be in the wallet itself.
I missed this part about him downloading the software from the App Store. Does he say that he searched for the wallet on the App Store manually or that the official Ledger website directed him there?
The following things also confuse me:
According to the author, the victim was new to cryptocurrency, but transferred an impressive amount of more than $200,000 to the wallet.
Correct. He calls his friend non-tech-savvy but that doesn't mean that he can't have money to invest or that he couldn't possess crypto without knowing much about it.
The provided screenshot shows that the wallet has been checked and no applications have been installed on it, although ETH and TRX should be installed at least. That is, the screenshot was taken before the hack, which is very strange, because, according to the author, after the hack the wallet was not touched again, nothing was installed or deleted.
Good catch! I saw that myself and I was wondering why the user had a screenshot taken before he installed any apps (if it was actually taken at that time) and for what reason would he need that? Why would you need a screenshot that shows that the Genuine Check was passed?
Of course, you can check your wallet by resetting it to factory settings, creating a new SEED, putting a not very large amount on it and seeing if it gets stolen.
A smart thief wouldn't react immediately. They would stay patient and wait for the victim to send more money to the wallet and only then empty it.
But, in my opinion, they are not telling you something, or it's a trivial leak of the SEED by an inexperienced user.
A user who makes one big mistake can certainly make two or three. Or perhaps it's all made up because it's cool to use Ledger as a punching bag.