Beware of phishing attacks, Ledger will never ask for the 24 words of your recovery phrase. Never share them. Learn more

Best safety practices - Ledger

This article describes some best practices while using the Ledger ecosystem.

We strive for our users to have a safe and seamless experience while using Ledger products. From the installation of Ledger Live to reviewing transactions on your Ledger device - we aim to make sure our users are secure and happy with the products we produce. 

Safety tips for our users:

  • Only download Ledger Live from our website, do not download from the Microsoft Store, or any other non-approved site. The only place you should download Ledger Live from is ledger.com/ledger-live. If you’re still worried, you can learn how to check the authenticity of the app here. This is how Ledger Live appears in the Microsoft store:image.png
  • A major way fraudsters scam users are through phishing attempts. Only open emails, and DMs from official Ledger support team members. Our team will never have you enter your 24-word seed phrase into anything digital (including Ledger Live) and anything else should be ignored and reported to our team. Here is an example of a fake Ledger Support account found on Twitter. Notice how the handle doesn't end with “@ledger” and has “helpdek” spelled incorrectly? Also, most of these scammers do not have Twitter-verified accounts. Below, is an example of a fake Twitter handle with the main goal of making the user think they’re interacting with a real Ledger employee:

Screen_Shot_2022-09-09_at_12.19.48_PM.png

  • First time sending crypto to a new address? Always try a test transaction (something small like $5-$10 worth) before sending larger amounts. Keep in mind that fees could be incurred, but small fees are definitely better than being rekt.
  • Have trust in the information on the Ledger device’s screen. If your device displays anything other than what Ledger Live or the 3rd-party app shows, stop what you’re doing and seriously think about accepting the transaction or not. The information on your device is the source of truth, not necessarily the information on the interface connected to it.
  • Only interact with Ledger support throughout on our official support pages. Our team will never DM you through social media or any other avenue of digital communication. 
  • Never share your 24-word seed phrase with anyone. Also, never digitize, take a picture of, enter into a hot wallet, or screenshot, your seed phrase. This support article describes how to keep your 24-words safe and secure. Please don’t rely on your memory alone to recall your 24 words either. Write it down and even look into purchasing a Ledger Billfodl. In addition, don’t enter your 24-words into what you think is the Ledger Live application. The real application will never ask you to enter your 24-words anywhere but the physical Ledger device upon setup.

Remember: Don’t trust - verify.  It doesn’t matter what a website displays, the only thing that really matters is the message you’re signing on your device itself.

Still worried? Feel free to reach out to our support team, we're happy to help! 

Was this article helpful?