
Verify transactions with your Ledger device and avoid address replacement attacks

Storing your crypto with a Ledger device gives you full control over your private keys. It keeps them offline, isolated from the Internet, and away from online threats.

However, that’s not the case with software wallets, which are often a prime target for hackers and different types of malware attacks.

Malicious attacks are growing in number and sophistication

Attacks targeting software wallets and attempting to trick users are becoming more and more common.

One example is an address replacement attack, which can lead to loss of funds if you’re not careful when signing a transaction. Malware that has infected your PC or smartphone can replace an address you copy and paste with the attacker’s address, so that the funds go to the attacker instead of the intended destination. For example, you could paste your own wallet address and the malware would change it to the attacker’s address. Often, the beginning and the end of the replaced address match the original, so most people wouldn’t notice the change.
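Why a glance at the first and last characters is not enough, as an added example (not Ledger's code): it compares two addresses character by character and shows them in groups of four. The address strings are constructed for illustration and are not valid addresses; the function names are assumptions. It runs on the same computer the malware could be on, so the Ledger device screen remains the reference.

```python
# Added example: the strings below are constructed and are NOT real addresses.
EXPECTED = "bc1qsample7expected0address0for0demo0x9k2"   # constructed
TAMPERED = "bc1qsample7replaced0address0not0mine0x9k2"   # constructed


def chunks(addr, size=4):
    """Split an address into fixed-size groups that are easy to read aloud."""
    return [addr[i:i + size] for i in range(0, len(addr), size)]


def compare_addresses(expected, candidate, glance=4):
    """Compare every character, with no case folding: any change is a mismatch."""
    expected, candidate = expected.strip(), candidate.strip()
    diffs = [i for i, (a, b) in enumerate(zip(expected, candidate)) if a != b]
    # Characters beyond the shorter string count as differences too.
    shorter, longer = sorted((len(expected), len(candidate)))
    diffs.extend(range(shorter, longer))
    same_ends = (expected[:glance] == candidate[:glance]
                 and expected[-glance:] == candidate[-glance:])
    return {
        "match": not diffs,
        "first_diff": diffs[0] if diffs else None,
        "diff_count": len(diffs),
        # Differs, yet someone checking only both ends would see no change.
        "passes_glance_only": bool(diffs) and same_ends,
    }


def render(expected, candidate, size=4):
    """Chunked side-by-side view; '^' marks every group that differs."""
    exp, cand = chunks(expected.strip(), size), chunks(candidate.strip(), size)
    width = max(len(exp), len(cand))
    exp += [""] * (width - len(exp))
    cand += [""] * (width - len(cand))
    marks = [("^" if a != b else " ") * size for a, b in zip(exp, cand)]
    return "\n".join([
        "expected : " + " ".join(c.ljust(size) for c in exp),
        "candidate: " + " ".join(c.ljust(size) for c in cand),
        "           " + " ".join(marks),
    ])


if __name__ == "__main__":
    print(render(EXPECTED, TAMPERED))
    print(compare_addresses(EXPECTED, TAMPERED))
```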

The good news is that your Ledger device keeps the receiving/sending address accurate. With that in mind, you should consider your Ledger device display as the only source of truth.

Tips on staying safe

  • Trust your device. Software apps, phones, and computers can be hacked or infected with malicious programs. Rely on your Ledger device to review transaction details. 
  • Before signing a transaction, check carefully that it matches the one displayed in the software wallet. Verify details such as the address, amount, and fees.
  • Regularly scan your PC for malware.
  • Ensure that you have the latest version of antivirus software installed. 
  • Avoid unlicensed software and sites that look suspicious.
  • If you’re an advanced user, you can verify the authenticity of the Ledger Live binary installation.

Sending transaction

  • Always send a small amount first. If the funds are successfully received, you can send larger amounts.
  • Double-check the recipient’s address. For example, you can double-check an exchange deposit address with the recipient through SMS, email, or a messaging app.
  • Verify that the recipient address, amount, and fees displayed in a software wallet match the ones displayed on the screen of your Ledger device.

Receiving transaction

  • Verify that your deposit address displayed in a software wallet matches the one displayed on the screen of your Ledger device. Keep in mind that addresses displayed in software wallets can be manipulated.
  • Wait for multiple confirmations before accepting a payment. For Bitcoin transactions, six confirmations are recommended. 


Note: Ledger Live sometimes detects suspicious activity and informs you about it. You’ll see the message “Mismatch between the copied address and the one in the clipboard”. In this case, immediately cancel the transaction and run a full scan of your PC.

Unverified addresses: Ledger Live can provide receiving addresses without a Ledger device. However, these addresses provide insufficient security. If you choose to use unverified addresses, you do so at your own risk.
