Current scams at Ledger & Ledger Live

1. Phishing emails / fake update requests

• Fake emails claiming to be from Ledger ask users to download a new version of Ledger Live or perform a “security update.”
• These messages often contain a button such as “Verify Now” or “Secure My Account,” which leads to a fake website where the 24-word phrase is then requested.
• Particularly dangerous: fake Ledger apps have been discovered on macOS that replace the real application and ask you to enter the phrase.
  

2. Physical mail (Ledger Letter Scam)

• Criminals send deceptively real letters to user addresses (some of which come from leaked data).
• The letter often contains QR codes or links to fake websites asking you to validate your wallet or perform security updates.
• Ledger itself confirms that they never Send letters with such requests.
  

3. Telephone calls / social engineering via hotline

• Victims receive calls claiming their Ledger account has been compromised. They are then asked to visit a website or enter their recovery phrase.
• Some cases report that details (name, email address) from data leaks have been used to inspire trust.
• Important: Ledger never calls users and will never ask for the recovery phrase.
  

4. Fake Ledger software / manipulated apps / malware

• Fraudsters offer a manipulated version of Ledger Live that appears legitimate but collects the seed phrase upon login.
• Browser plugins or external apps that mimic Ledger functionality are also in circulation.
• In some cases, malware is secretly installed on the computer and monitors actions in the background.
• A technically sophisticated variant: a manipulated hardware device (e.g., purchased, opened, or hardware components swapped) is resold as a genuine device. Thus, the creation of a seed on such a device is already compromised.
  

5. Address poisoning

• A more recent scam involves an attacker sending a small amount of cryptocurrency or NFT to a user's address. This so-called "poisoned address" can result in the next transaction automatically transmitting manipulated data or redirecting the user to a phishing website.
  

6. Clipboard manipulation (e.g. EthClipper attacks)

• A classic technique in which malware monitors the clipboard in the background and replaces the address with a manipulative one when copying crypto addresses. The user only notices a slight inaccuracy – and then unknowingly sends the message to the attacker.
  

7. Technical Support Scam / Fake Recovery Services

• Scammers offer repair or support services for wallet issues on social media or through advertisements. Users are redirected to a "support channel" where they systematically manipulate them into disclosing their keys or confirming transactions.
  

Legal perspective & options for victims

• File a criminal complaint: As soon as a loss occurs, a report should be filed with the police immediately, if possible with all evidence (email, letters, screenshots).
  
• Blockchain analysis / trace detection: With the help of on-chain analysis, it is often possible to trace where the stolen coins went.
  
• Civil law claims: In certain cases, it can be examined whether service providers, intermediaries or platforms can be held liable – for example, due to breaches of duty, incorrect security advice or culpable negligence.
  
• Immediate measures in case of suspicion:
  1 – Involve experts (IT forensics, crypto law)
  2 – No more access to compromised wallet / seed
  3 – Generate a new wallet with a fresh seed (offline)
  4 – Transfer any funds, if still available, immediately
  5 – Revoke access rights (dApp permissions)
  

Protective measures & best practices

• Buy Ledger devices only from the manufacturer or official resellers
• Firmware / software only from official sources / directly from Ledger
• Never enter the 24-word recovery phrase anywhere – only on the device itself
• Distrust of emails, calls or mail with urgent requests
• **Check domains carefully – look for minimal deviations (e.g. “legder”, “ledqer”) **
• Regular device checks / authenticity checks according to Ledger instructions
• Do not install third-party apps that imitate Ledger features
• Monitor clipboard / Use anti-malware
• Check permissions / smart contract authorizations and revoke them if necessary

Der Beitrag Achtung Ledger-Betrug: Aktuelle Angriffe & wie Sie Ihr Kryptoguthaben schützen erschien zuerst auf R&U.