We've received reports from users falling victim to phishing attacks on social media such as Reddit, Twitter, Facebook. Users are either directly asked to provide their 24-word recovery phrase, or led to fake Ledger websites that ask them to enter their 24-word recovery phrase.
- Reminder: Anyone with access to your 24-word recovery phrase can take your assets.
- Never enter your 24-word recovery phrase anywhere else than on your Ledger device.
- Ledger staff will never reach out to you on social media.
- Only use our official contact form at https://support.ledger.com/hc/requests/new
We strongly encourage affected users to file a police report in their jurisdiction. Should you have any doubts or if you think you might be targeted by a phishing attempt, please contact us immediately: https://support.ledger.com/hc/requests/new
Detect phishing websites
Install the MetaMask browser extension to get a warning when visiting a domain that's been reported as a malicious website.
Examples of malicious sites
Phishing website tricking users to enter their confidential 24-word recovery phrase
Avoid entering your recovery phrase on any other device than your Ledger hardware wallet