English | Français | Español | Deutsch

#StopTheScammers

Ongoing phishing campaigns

Phishing attempts are targeting Ledger customers.

Phishing attacks are unfortunately an all too common threat when using the internet. This page aims to make a list of some examples of phishing attacks we have received at Ledger targeting our customers. If you have any doubts about the authenticity of a communication from Ledger, you can refer to the list below highlighting some recent phishing campaigns.

Phishing websites shutdown since October 22nd: 392
Latest update: April 8th, 2021

Never share the 24 words of your recovery phrase with anyone under any circumstances.

Even with Ledger or what you would think is coming from Ledger. Ledger will never ask for them. You should never enter your 24 words anywhere else than into your device.

Only <u>use the official download page</u> for Ledger Live.

Only use the official download page for Ledger Live.

The Ledger Nano is not a USB device. It does not contain any application to download and install on your computer.
The only way to download the Ledger Live app is by using the official download page here.

How to prevent being scammed from phishing?

  

Never validate a transaction on your Nano if you are not the author of this transaction.

Scammers will ask you to download a fake Ledger Live application that will trigger a transaction on your Nano. You must absolutely reject that transaction.

  

Ledger cannot and will not deactivate your device.

Some phishing attempts are pretending Ledger 'deactivate' or 'block' your device for KYC reasons. Ledger is not in a position to 'block' or 'deactivate' your device. Any request asking you to do this is bogus.

  

Always make sure that you interact through Ledger’s official channels

Be cautious, fake domain names are sometimes very close with a subtle spelling difference such as "legder", "leqder", "ledqer", "lèdger" or "ledgёr".

Please also be aware of what you may think is a ledger.com domain name but is in fact not!
See for example: ledger.com-a42-encryption-m6-email.rg37-s8-smtp (dot) cloud

Authentic Ledger domain names are:
@ledger.fr
@ledger.com
@ledgerwallet.com
@ledger.zendesk.com

  

Ledger will never contact you via text messages or phone call.

As soon as you receive a so-called Ledger communication via text message, WhatsApp, Telegram, phone call or postal letter, assume that It is a phishing attempt, report it as spam, and block the sender.

Ledger will only communicate via email and official social media channels :

   twitter.com/ledger
   twitter.com/ledger_support
   facebook.com/ledger
   instagram.com/ledger

Ongoing phishing campaigns  

Latest update: February 16th, 2021

May 10th, 2021



A fake letter claiming to be signed by the CEO of Ledger is sent to a Ledger user along with a faulty Ledger device in his box as if it were new.
In the fake letter, it is stated that you need to change your device to secure your funds. You are asked to initialize the device sent with the letter and to follow the user guide in the box.
This is a scam. The Ledger Nano is faulty and the user guide is a fake.
The fake user guide in the Nano's box asks the user to connect the device to a computer. To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application.
This is a scam. Do not connect the device to your computer and never share your 24 words. Ledger will never ask you to share your 24-word recovery phrase.


March 22nd, 2021



One of our user got recently scammed on Amazon. The user bought a Ledger Nano S which had already been initialized by a malicious seller. The malicious seller sent a Nano already initialized to the user with a recovery sheet filled with the 24 words.
When a user receives its Ledger wallet, whether it is a Nano S or X, she/he must always initialize first it by following this process:
- Powering on the device
- Generating a pin code by himself/herself
- Generating the 24 words (seed phrase) by himself

IMPORTANT: no pin code or seed phrase should ever be given to the user by anybody else prior to the initializatio


February, 16th, 2021



In this phishing email, scammers ask you to update your device to secure your crypto.
This is a scam. Your funds are not at risk despite the data breach. Moreover, device updates should always be done directly in the Live Ledger application on your computer or phone.


February, 16th, 2021



In this phishing email, scammers ask you to directly update your 24 words giving access to your crypto.
This is a scam. Your funds are not at risk despite the data breach. Ledger will never ask you to share your 24-word recovery phrase.


February, 7th, 2021



In this phishing email, scammers ask you to click on a link to change your current password on your user profile.
This is a scam. Ledger will never ask you to create a profile to use Ledger products.
Do not click on this link.


January, 24th, 2021



Scammers ask you to click on a link to confirm that you are indeed the person who tried to connect to your device. This is a scam. Do not click on this link.


January, 14th, 2021



In this phishing email scammers are blackmailing: they are asking you to send some BTC in exchange for deleting your personal data.


January, 12th, 2021



The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that your data have been hacked and that Ledger has authorized them to send you a new Ledger device. In order to set up this new device, they are asking for your 24 words.


January, 2nd, 2021



This phishing email simulates a transaction that did not take place. Ledger will never contact you about your transactions.
This phishing email directs you to a fake website that mimicks Ledger Live and will ask for the 24 words of your recovery seed.


December 27th, 2020



This phishing email is asking you to install a security patch to fix vulnerabilities and keep your data secure. This redirect you to a website and ask you for your 24 words.
This email is not legit. Never share your 24 words.


December 24th, 2020



Scammers pretend to have collected personal information through a security breach such as compromising pictures, internet history or family contact information. They are asking you to pay in exchange for deleting these data.
This email is a scam. We do not have information such as files, pictures, internet history...


December 22nd, 2020



This phishing alert sends you to a fake website which asks you the 24 words of your recovery phrase.


December 22nd, 2020



Cette stratégie de hameçonnage consiste à menacer le client pour lui demander une rançon. Nous vous conseillons de ne pas répondre et de contacter la police locale pour porter plainte si vous vous sentez en danger.


December 22nd, 2020



This French text message claims that your funds are at risk, which is not true. It asks you to share the 24 words of your recovery phrase to solve security issues.
Your funds are not in danger, do not share your 24 words of your recovery phrase with anyone, Ledger will never ask you for them.


December 22nd, 2020



This phishing email uses Ledger's data theft as a pretext, to trick you into giving out the 24 words of your recovery phrase.
This is not a legit email, your funds are not at risk despite the data breach.


December 21st, 2020



Scammers pretend to know your address and demand a ransom to not invade your home.

As you can see these are 'generic' threatening emails playing on your fear to steal your crypto assets.


December 9th, 2020



This scam pretends that due to new KYC rules, Ledger was obliged to deactivate your hardware wallet. First of all, It’s not possible, Ledger is not able to deactivate your Nano.

The link invites you to enter your recovery phrase for KYC purposes. Private keys / recovery phrase are not part of any KYC procedures.

Ledger is not an Exchange, you don’t need a KYC (Know Your Customer) procedure to use your Ledger Nano or Ledger Live.

Only the “buy” features on Ledger Live needs a KYC procedure.


December 6th, 2020



The phishing attempt claims there is an outgoing transaction being made to empty your wallet to encourage you to click on the cancel button. This is fake, Ledger is not able to know what you are doing with your Nano.

Then you would be invited to enter your recovery phrase in a fake version of Ledger Live to cancel the non existing transaction.

The scammers play on your legitimate fear (someone would have access to your accounts) to encourage you to give the 24 words of your recovery phrase.


December 5th, 2020



This phishing attempt pretends your hardware wallet has been deactivated, which is not technically possible.

The link invites you to enter your recovery phrase for KYC purposes. Private keys / recovery phrase are not part of any KYC procedures. The link provided by the scammers is not legitimate.

Ledger is not an Exchange, you don’t need a KYC (Know Your Customer) procedure to use your Ledger Nano or Ledger Live.

Only the “buy” feature on Ledger Live needs a KYC procedure.


December 4th, 2020



This phishing scam pretends that a security breach affects you and your funds are at risk to encourage you to download a fake version of the Ledger Live app.

This fake version of Ledger Live will ask that you enter your recovery phrase in order to fix a security issue that does not exist. There is no security breach that requires you to download a new version of the Ledger Live app, nor will the app ever ask you for your 24 word recovery phrase.


Learn more about phishing campaigns

The Battleground Against Phishing Attempts

Read the article

Anatomy of a Phishing Attack

Read the article

How to keep your crypto safe against scams

Read the article

Want to help us or report a phishing campaign?


If you have any doubt about the authenticity of the communication you received or the domain name or the sending address you received the communication from, you can always contact our Customer Support.



If you think you have received a fake communication from a third party impersonating Ledger, you can report it here.


NB: This will be reviewed by our team and help us flag more phishing examples on this page. However please note that there won’t be an individualised response to emails sent to this address. If your query requires a response from Ledger, please contact our Customer Support.


If you have received a phishing attempt or if you are aware of an illegal website, please report it to Google Safebrowsing. The more we report these illegal websites to Google, the more difficult it will be for scammers to deceive our Ledger users.