Online Threat Alerts (OTA) - Alerting you to scams and frauds.
Ledger Email Scam - How to Protect Yourself

Ledger email scams are active phishing campaigns aiming to steal 24-word Secret Recovery Phrases (SRP) via fake firmware updates, security alerts, or data breach notifications. Attackers use spoofed emails (e.g. "legder") and malicious links to lead users to fake websites. Never enter your 24-word phrase on a computer, phone, or any website, it is only for your physical device.

Protection Tips

  • Urgency & Threats: Scams often demand immediate action to fix a supposed "security breach" or "firmware update," threatening to cut off access to funds.
  • Fake Websites: Links often lead to spoofed Ledger websites that look identical to the real Ledger Live app.
  • Never Share Your Seed Phrase: Ledger will never request your 24-word recovery phrase via email, chat, or phone.
  • Verify Emails: Review the official list of Legitimate Email Addresses from Ledger to confirm the sender.
  • Suspicious Phone Calls: Scammers may call referencing an email to appear legitimate.
  • Report Scams: Immediately report phishing attempts to Ledger through their official support channels.

If you have already interacted with such a link or provided your phrase, your assets are at risk. For examples of ongoing phishing campaigns, refer to the Ledger phishing campaigns status page.

waiting