Beware of phishing attacks, Ledger will never ask for the 24 words of your recovery phrase. Never share them. Learn more

How to verify the authenticity of Ledger Live?

This article will explain how to verify the authenticity of a Ledger Live installation package using Ledger Live Download Signatures on Windows / macOS / Linux.

Windows macOS Linux

  1. Begin by opening your preferred browser and navigating to the Ledger website. 
  2. Click on Download the app and proceed to download the Windows installation package onto your computer.



  3. Once downloaded, locate the installation package on your computer. You can find its path by right-clicking on the package and selecting Properties.




  4. On your computer, open Windows PowerShell.

    mceclip0.png

  5. In the PowerShell, input the following command to retrieve the SHA-512 hash of the downloaded file:

    Get-FileHash "path/to/downloaded/ledger-live/installation/package.exe" -Algorithm SHA512 | Format-List
     Remember to replace "path/to/downloaded/ledger-live/installation/package.exe" with the specific path noted in step 3. Ensure the path remains wrapped in "quotation marks".



  6. Hit Enter to initiate the hashing process.
  7. Once the hash appears in the console, double-click on it to highlight it and copy it using Ctrl+C.



  8. Navigate to the Ledger Live Download Signatures page. Use Ctrl+F to open the search function, paste the hash, and press Enter to verify.

    If the search returns a hit, it's a match! 
    Remember, SHA-512 hashes are not case-sensitive so a == A, b == B, etc.

    mceclip4.png

 The hashes don't match!

  • Your copy of Ledger Live might not be genuine.
  • Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.

Was this article helpful?