Seize the BTC surge. Get a Bitcoin Edition Ledger Hardware Wallet now

Buy here

#StopTheScammers

Ongoing phishing campaigns

Phishing attempts are targeting Ledger customers.

Phishing attacks are unfortunately an all too common threat when using the internet. This page aims to make a list of some examples of phishing attacks we have received at Ledger targeting our customers. If you have any doubts about the authenticity of a communication from Ledger, you can refer to the list below highlighting some recent phishing campaigns.

Phishing websites shutdown last month: 101
Social networks : 226 = 216 Twitter, 6 telegram, 3 facebook, 1 Linkedin
Latest update: March 22th, 2023

Report a phishing attempt    

Consult on-going phishing campaigns
      

Never share the 24 words of your recovery phrase with anyone under any circumstances.

Even with Ledger or what you would think is coming from Ledger. Ledger will never ask for them. You should never enter your 24 words anywhere else than into your device.

How to prevent being scammed from phishing?

  

Never validate a transaction on your Nano if you are not the author of this transaction.

Scammers will ask you to download a fake Ledger Live application that will trigger a transaction on your Nano. You must absolutely reject that transaction.

  

Ledger cannot and will not deactivate your device.

Some phishing attempts are pretending Ledger 'deactivate' or 'block' your device for KYC reasons. Ledger is not in a position to 'block' our 'deactivate' your device. Any request asking you to do this is bogus.

  

Always make sure that you interact through Ledger’s official channels

Be cautious, fake domain names are sometimes very close with a subtle spelling difference such as "legder", "leqder", "ledqer", "lèdger" or "ledgёr"

Please also be aware of what you may think is a ledger.com domain name but is in fact not!

See for example:
ledger.com-a42-encryption-m6-email.rg37-s8-smtp (dot) cloud

Authentic Ledger domain names are:
@ledger.fr
@ledger.com
@ledgerwallet.com
@ledger.zendesk.com

  

Ledger will never contact you via text messages or phone call.

As soon as you receive a so-called Ledger communication via text message, WhatsApp, Telegram, phone call or postal letter, assume that It is a phishing attempt, report it as spam, and block the sender.

Ledger will only communicate via email and official social media channels :
twitter.com/ledger
facebook.com/ledger
instagram.com/ledger

Ongoing phishing campaigns  

Latest update: June 17th, 2021

Unknown



The phishing attempt claims there is an outgoing transaction being made to empty your wallet to encourage you to click on the cancel button. This is fake, Ledger is not able to know what you are doing with your Nano.

Then you would be invited to enter your recovery phrase in a fake version of Ledger Live to cancel the non existing transaction.

The scammers play on your legitimate fear (someone would have access to your accounts) to encourage you to give the 24 words of your recovery phrase.


December 9th, 2020



This scam pretends that due to new KYC rules, Ledger was obliged to deactivate your hardware wallet. First of all, It’s not possible, Ledger is not able to deactivate your Nano.

The link invites you to enter your recovery phrase for KYC purposes. Private keys / recovery phrase are not part of any KYC procedures.

Ledger is not an Exchange, you don’t need a KYC (Know Your Customer) procedure to use your Ledger Nano or Ledger Live.

Only the “buy” features on Ledger Live needs a KYC procedure.


December 5th, 2020



This phishing attempt pretends your hardware wallet has been deactivated, which is not technically possible.

The link invites you to enter your recovery phrase for KYC purposes. Private keys / recovery phrase are not part of any KYC procedures. The link provided by the scammers is not legitimate.
Ledger is not an Exchange, you don’t need a KYC (Know Your Customer) procedure to use your Ledger Nano or Ledger Live.

Only the “buy” feature on Ledger Live needs a KYC procedure.


December 4th, 2020



This phishing scam pretends that a security breach affects you and your funds are at risk to encourage you to download a fake version of the Ledger Live app.

This fake version of Ledger Live will ask that you enter your recovery phrase in order to fix a security issue that does not exist. There is no security breach that requires you to download a new version of the Ledger Live app, nor will the app ever ask you for your 24 word recovery phrase.

Learn more about phishing campaigns

The Battleground Against Phishing Attempts

Read the article

Anatomy of a Phishing Attack

Read the article

How to keep your crypto safe against scams

Read the article

Want to help us or report a phishing campaign?


If you have any doubt about the authenticity of the communication you received or the domain name or the sending address you received the communication from, you can always contact our Customer Support.



If you think you have received a fake communication from a third party impersonating Ledger, you can report it here.


NB: This will be reviewed by our team and help us flag more phishing examples on this page. However please note that there won’t be an individualised response to emails sent to this address. If your query requires a response from Ledger, please contact our Customer Support.


If you have received a phishing attempt or if you are aware of an illegal website, please report it to Google Safebrowsing. The more we report these illegal websites to Google, the more difficult it will be for scammers to deceive our Ledger users.


Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.