Fraudulent Ledger Live applications
This article helps you identify illegitimate versions of Ledger Live, which are involved in scams and phishing attacks.
Scam Overview
Malicious actors use scare tactics and create phishing websites impersonating Ledger Live and lure users via social media or email with urgent messages like:
- “Activate clear signing”
- “Secure your accounts”
- “Your recovery phrase must be recovered”
- “Update your firmware”
- "Urgent security update needed"
On these fake sites, users are tricked into entering their 24-word Secret Recovery Phrase (SRP), leading to the theft of their digital assets.
How Do I Know If I’ve Been Scammed or Phished?
Be alert to these warning signs:
- Missing funds or unauthorized transactions after entering your 24-word SRP into a fake Ledger Live app.
- Downloading Ledger Live from unofficial or suspicious websites.
- Entering your 24-word SRP into any computer software.
Examples of fraudulent URLs scammers might use (do not visit these sites):
- “ledgeractivate.com”
- “ledger-live-activate.com”
- And similar variations.
Examples of Malicous versions of Ledger Live websites or apps
Fake Chrome applications
Beware of malicious Chrome applications pretending to be from Ledger
Ledger Live should never be downloaded from the Chrome store; all official downloads should come from ledger.com/ledger-live
Below is an example of a phishing website using a fake call-to-action to trick you into entering your 24-word Secret Recovery Phrase. Never enter your 24-word SRP on any device other than your Ledger hardware wallet during setup!
Example of a fraudulent browser-based version of Ledger Live. Pay attention to the URL.
How to Prevent and Respond to Scams
- Secure Your 24-Word Recovery Phrase: Never enter or share your 24-Word SRP anywhere other than on your Ledger device during setup or restoration. Keep it offline, written on paper, or engraved in steel.
- Verify Communications: Ensure you only engage through official Ledger channels. For guidance on identifying genuine Ledger communications, visit our guide here.
- Disregard Unsolicited Communications: If you receive communications about a support case you haven’t initiated, or any suspicious contact via phone, text, email, or other channels, do not engage. Use the chat widget on support.ledger.com to reach out to Ledger support directly for clarifications.
- Download Software from Official Sources: Only download Ledger Live from the official site at ledger.com/ledger-live.
- Verify the authenticity of Ledger Live: Use this guide to verify the authenticity of the Ledger Live installation package.
When to Enter Your 24-Word Secret Recovery Phrase
You should only enter your 24-word SRP in these specific situations:
- Setting up a new Ledger device: Restore access to your existing crypto accounts.
- Recovering your wallet: If your Ledger device is lost, stolen, or damaged, use your recovery phrase on a new Ledger device.
- Using Ledger Recover: If you have subscribed, restore access to your wallet.
Never enter your 24-word SRP on any online platform, computer, or mobile app. Always ensure you enter it directly on your Ledger device to maintain security.
To learn more about protecting your digital assets from threats, visit our Scams Targeting Crypto Holders resource guide.