Ongoing phishing campaigns

Phishing attempts are targeting Ledger customers.

Phishing attacks are unfortunately an all too common threat when using the internet. This page aims to make a list of some examples of phishing attacks we have received at Ledger targeting our customers. If you have any doubts about the authenticity of a communication from Ledger, you can refer to the list below highlighting some recent phishing campaigns.

Phishing websites shutdown last month: 101
Social networks : 226 = 216 Twitter, 6 telegram, 3 facebook, 1 Linkedin
Latest update: March 22th, 2023

Report a phishing attempt    

Consult ongoing phishing campaigns

Never share the 24 words of your recovery phrase with anyone under any circumstances.

Even with Ledger or what you would think is coming from Ledger. Ledger will never ask for them. You should never enter your 24 words anywhere else than into your device.

Only <u>use the official download page</u> for Ledger Live.

Only use the official download page for Ledger Live.

The Ledger Nano is not a USB device. It does not contain any application to download and install on your computer.
The only way to download the Ledger Live app is by using the official download page here.

How to prevent being scammed from phishing?


Never validate a transaction on your Nano if you are not the author of this transaction.

Scammers will ask you to download a fake Ledger Live application that will trigger a transaction on your Nano. You must absolutely reject that transaction.


Ledger cannot and will not deactivate your device.

Some phishing attempts are pretending Ledger 'deactivate' or 'block' your device for KYC reasons. Ledger is not in a position to 'block' or 'deactivate' your device. Any request asking you to do this is bogus.


Always make sure that you interact through Ledger’s official channels

Be cautious, fake domain names are sometimes very close with a subtle spelling difference such as "legder", "leqder", "ledqer", "lèdger" or "ledgёr".

Please also be aware of what you may think is a ledger.com domain name but is in fact not!
See for example: ledger.com-a42-encryption-m6-email.rg37-s8-smtp (dot) cloud

Authentic Ledger domain names are:


Ledger will never contact you via text messages or phone call.

As soon as you receive a so-called Ledger communication via text message, WhatsApp, Telegram, phone call or postal letter, assume that It is a phishing attempt, report it as spam, and block the sender.

Ledger will only communicate via email and official social media channels :


Ongoing phishing campaigns  

Latest update: June 17th, 2021

Learn more about phishing campaigns

Want to help us or report a phishing campaign?

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our

New coins supported, blog updates and exclusive offers directly in your inbox