u/Steven_Ledger

How Ledger handles fake apps, phishing sites, and scam support accounts

TL;DR: We see, action, and escalate reports of fake Ledger apps, phishing sites, spoofed emails, and scam accounts impersonating Ledger regularly. Even though we don’t post about every takedown publicly, Ledger actively monitors, reports, and pushes for removal across app stores, search engines, marketplaces, domains, and social platforms. If you report scams when you see them, that helps us take them down, and keep the community safe.

While some scams start with a random fake link, or page, others often take opportunistic advantage of users who publicly signal they need help.

In a common opportunistic scenario, someone posts a public request for help, such as:

“Why won’t my Ledger update?”
“My SOL transaction is stuck.”
“Is this app legit?”
“I’m trying to move funds and something looks wrong.”

In this situation, reactive impersonators may swarm in, replying with a prompt like:

>Kindly DM me for assistance…

pass 🙅‍♂️!

Scammers copy Ledger branding, use official-looking names, clone profile images, and reply with fake urgency across public channels like Reddit, X, Discord, Telegram, and YouTube comments. From a distance, especially when someone is stressed, this can look convincing enough to trick users seeking quick help.

That is the point.

Scammers are not only targeting people who are new to crypto. They also target people returning after a long break, people rushing to move funds, people cashing out, people crashing out, people troubleshooting, people who have been phished, and people who are already anxious because something feels broken.

Here’s the pattern we see often:

| Situation | What scammers try | What to do instead |
|---|---|---|
| You post that your device or app is not working | Fake support accounts reply and push you to DM | Support only happens, with a ticket, on support.ledger.com/contact-us never in a DM. |
| You search for Ledger Wallet or Ledger Live | Fake apps, ads, or spoofed sites may appear | Download only from ledger.com/ledger-wallet |
| Someone is claiming to be official ledger support | Present their page/profile with names, pictures etc that match real employees | Official company representatives can be seen on X: https://x.com/Ledger/affiliates |
| You ask about a stuck transaction | Scammers offer “validation” or “synchronization” links | Do not connect your wallet through random links |
| You mention lost or stolen funds | Fake recovery services claim they can retrieve crypto | Do not pay recovery accounts or share private info |

Ledger has a dedicated brand protection team working on this every day. That includes monitoring and reporting scam attempts across Google Search, Bing, general marketplaces, Apple iOS and macOS app stores, the Microsoft Store, domain registrars, and social media platforms.

We don’t make public posts every time something is reported, escalated, or removed. 

The frustrating part is that Ledger does not control what third-party platforms approve, host, index, or remove. App stores control app approvals. Social platforms control accounts, usernames, bios, logos, and profile branding. Search engines control search results and ads. Domain registrars control domain enforcement.

Ledger can monitor, report, escalate, and enforce our rights. The platform still has to take action.

That is why community reporting matters. If you see a fake Ledger app, phishing domain, spoofed email, impersonation account, or suspicious post, report it where you found it. You can also report it with a ticket to Ledger Support or an email to phishing@ledger.fr - include useful details like screenshots, URLs, usernames, app names, developer names, or domains. To have visibility of latest phishing trends or activity check out this page: https://www.ledger.com/phishing-campaigns-status

The universal red flags are simple 🚩 

Ledger will never call you, send you mail (or email), DM you, or in any way ask for your 24-word recovery phrase:

Not during support.
Not for verification.
Not for a firmware update.
Not for staking, swaps, NFTs, refunds, or “wallet synchronization.”

If someone asks for your 24 words, you are not talking to Ledger. It is a scam.

The boring path is the safe path: download Ledger Wallet from our official website, contact support the same way, Clear Sign when possible, and slow down when someone tries to rush you.

That pressure is usually the tell. If there is any doubt, even if just 1%, reach out to our dedicated support team and open a ticket.

For additional tips on how to protect yourself, and to see examples of threats check out this guide: https://www.ledger.com/academy/somethings-phishy-how-to-keep-your-crypto-safe-against-scams

u/Steven_Ledger — 8 hours ago
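
Added example, not part of the original post and not Ledger's code: one way to vet a link against the hosts the post above names before opening it. The allowlist is an assumption built only from the ledger.com URLs in the post, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist: only the ledger.com hosts that appear in the post above.
OFFICIAL_HOSTS = {"ledger.com", "www.ledger.com", "support.ledger.com"}


def check_link(url):
    """Return (is_official, reason) for a link received in a reply, DM or ad."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if has_userinfo:
        # https://ledger.com@other.example/ really points at other.example
        return False, "userinfo before '@' hides the real host"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Homoglyph hosts (e.g. a Cyrillic letter) must never pass as Ledger
        return False, "internationalized host"
    if host not in OFFICIAL_HOSTS:
        # Exact match only: 'ledger.com.something.example' is not ledger.com
        return False, "host not on allowlist: " + host
    return True, "official host"


# Constructed sample links (the .example hosts are placeholders)
SAMPLES = [
    "https://www.ledger.com/ledger-wallet",
    "https://support.ledger.com/contact-us",
    "http://www.ledger.com/ledger-wallet",
    "https://ledger.com@wallet-sync.example/verify",
    "https://ledger.com.wallet-sync.example/verify",
    "https://l\u0435dger.com/ledger-wallet",  # Cyrillic 'e' homoglyph
    "https://ledger-support.example/contact-us",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK   " if ok else "BLOCK", ascii(link), "-", reason)
```

A pass here only means the host matches the allowlist; a request for the 24-word recovery phrase is a scam regardless of where it appears.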

From Ledger initiative to Ethereum standard: what Clear Signing changes for wallet security

TL;DR: Clear Signing, which Ledger started working on in 2023, is now being stewarded by the Ethereum Foundation as an open Ethereum standard. The point isn’t “Ledger owns this.” It’s the opposite: transaction signing needs shared infrastructure so wallets, protocols, auditors, and users can all get safer.

Why this matters

Most crypto losses don’t happen because someone personally typed “please drain my wallet.”

They happen because the signing moment is still too hard to understand. You approve a transaction, but the thing you’re shown is often vague, technical, or unreadable. Hex data. Contract calls. Blind approvals. The usual nightmare soup.

Transaction signing is one of the core actions users take on Ethereum. Making that moment easier to understand is not a niche UX cleanup. It’s one of the places where better security can actually meet users where they are.

That’s the gap Clear Signing is meant to close: before you sign, you should be able to understand what the transaction is actually doing.

What changed

Ledger launched Clear Signing in 2023 as an open-source security initiative, but the goal was never for it to stay as a Ledger-only lane.

The Ethereum Foundation’s Trillion Dollar Security Initiative is now taking on stewardship of Clear Signing as an open Ethereum standard, with the work living at clearsigning.org.

That matters because a signing standard needs neutral trust. If wallets across the ecosystem are going to rely on shared transaction descriptions, it should not feel controlled by one company, including ours.

What actually shipped

This is not just a “new website, good vibes” announcement.

The work includes:

  • An updated ERC-7730 standard for describing transaction behavior
  • A decentralized registry that anyone can mirror
  • An attestation framework using ERC-8176 and Ethereum Attestation Service
  • Developer libraries in Rust and TypeScript so wallets can integrate it

That’s the difference between a feature and infrastructure. A feature lives in one product. Infrastructure gives everyone something to build on.

Credit where it’s due

Ledger helped initiate this work, but this release is bigger than Ledger.

The working group includes contributors across the ecosystem, including the Ethereum Foundation, Trezor, WalletConnect, Sourcify, Fireblocks, Cyfrin, Zama, Keycard, ZKnox, MetaMask, Argot, and independent builders.

That’s probably the healthiest version of crypto security: compete on products, cooperate where users keep getting hurt.

What this means for Ledger users

Ledger Wallet, Ledger Enterprise Multisig, and Ledger Direct Access in dApps already support Clear Signing today.

Ledger’s implementation still matters here because readable transaction data is only useful if it reaches the user at the actual signing moment. The open standard helps describe what should be shown. A trusted signing surface, like a secure device screen backed by a Secure Element and Trusted Display, helps make sure the user is reviewing that information somewhere the app can’t quietly rewrite it.

Small distinction, big security difference.

The bigger picture

Blind signing should feel outdated.

Not overnight. Standards still need adoption. Wallets need to integrate. Protocols need to provide clear descriptions. Auditors need to review them. Users still need to slow down for two seconds before approving something.

But this is the right direction.

Make transactions readable. Make the standard open. Put the infrastructure somewhere neutral. Let the whole ecosystem raise the floor.

See what you sign.

u/Steven_Ledger — 7 days ago

Crypto portfolio up? Avoiding rushed transactions and fake support scams

Markets are starting to feel alive again 🥳

That’s exciting, but it’s also exactly when people start doing dumb stuff faster than usual.

When everything is red for months, people overthink every move, or simply check out. When the market starts ripping, suddenly everyone is refreshing charts, screenshotting gains, chasing entries, clicking faster, signing faster, and convincing themselves they’ll “clean it up later.”

That’s usually where the mistake happens.

If you’re wondering how to sell, when to sell, when to take profit, or whether you should move funds around during a run, the answer probably isn’t “panic sell everything” or “never touch it.” It’s more boring than that:

Have a plan before the candle makes the plan for you.

| Market moment | What people feel | What can go wrong | Better habit |
|---|---|---|---|
| Portfolio hits a local high | “Finally, we’re back” | You screenshot it and never realize the gain (i’m in this section 😭) | If a screenshot is worth taking, profits are worth considering |
| Token starts pumping | “I need to move now” | You rush a transaction or approve the wrong thing | Slow down and check what you’re signing |
| Everyone is posting wins | “I’m behind” | You chase late entries or random links | Step away from the feed before making wallet decisions |
| You’re cashing out | “Let me just get this done” | You use the wrong app, site, address, or network | Verify the source, then verify the transaction |
| You need help fast | “Something is wrong” | Fake support accounts swarm your replies/DMs | Go directly to official support |

The line I’d keep in mind is simple:

If a screenshot is worth taking, so are profits.

Not financial advice, obviously. But if your portfolio is up enough that you’re sending screenshots to friends, staring at the number, or thinking “damn, I should save this,” that’s usually a sign to at least think about trimming, rebalancing, or setting a real exit plan. They say a picture is worth 1000 words; a screenshot with no action could cost you the same.

The other part is security hygiene. 

Market euphoria makes people careless. Scammers know that. They don’t need to beat your entire security setup if they can catch you rushing one bad approval, downloading one fake app, clicking one fake support link, or signing one transaction you didn’t properly read.

Before you move funds, slow down:

  1. Make sure you’re using the official Ledger Wallet download page: https://www.ledger.com/ledger-wallet
  2. If anything asks for your 24-word recovery phrase, stop. That is a scam.
  3. Don’t trust, verify transaction details on your Ledger device’s secure screen, not just an app’s interface.
  4. Always use Clear Signing and Transaction Check where available, confidence comes from clarity.

A good transaction should survive a 30-second pause. Your bags will thank you.

That pause is where you catch the wrong address. The weird contract interaction. The fake “support” link. The wallet-drainer pretending to be a mint, claim, bridge, airdrop, staking page, or “verification” tool. This silly 

Green candles are exciting. Enjoy it.

Just don’t let a green week convince you that basic security rules are suddenly optional. The boring path is still the safe path: verify the app, verify the address, verify the transaction, never share your recovery phrase, and don’t let urgency make decisions for you.

u/Steven_Ledger — 14 days ago

TL;DR: Ledger Sync keeps your account list, and portfolio balance identical between your mobile and desktop apps without using an email, password, or central database. Using your Ledger signer to encrypt your metadata locally, no one can see what accounts you own.

One thing we talk about a lot internally is that your laptop screen is basically "insecure by design." It’s an open window for UI hijacking or phishing because the OS just isn't built for high-stakes security. That's why we always tell you to trust the screen on your Ledger signer, not your computer.

This creates a massive headache for something as simple as syncing your accounts. Most people want to manage assets across multiple devices; this article is consistently one of our most popular reads.

In the Web2 world, you just log in with an email and everything appears… In crypto it’s not that easy. Ledger Sync is trying to get that "it just works" Web2 feeling without the "we own your data" Web2 baggage.

The Key Ring Approach

We spent a lot of time on something called the Ledger Key Ring Protocol. Instead of a username and password, your physical Ledger signer acts as the key.

When you turn on Ledger Sync, the device generates a private encryption key. Your app then uses that to scramble your account data every few seconds before sending it across. Because the encryption happens at the hardware level, your phone and laptop can stay in lock-step without Ledger ever seeing the contents of that "sync."

A Few Things To Keep In Mind:

  • No "Forgot Password": Since there’s no central account, your 24-word phrase is the only way to restore a sync. If you lose that, you're back to adding accounts manually…and have bigger problems to worry about, to be honest.
  • The Nano S Gap: This won't work on the original Nano S. The chip in that device is a tank, but it’s from 2016 and doesn't have the "room" to handle the AES-GCM encryption required for this protocol.
  • Metadata only: To be clear, this doesn't sync your private keys (those never leave the chip). It just syncs the "map" of your accounts so you don't have to manually add them every time you get a new phone.
  • If you need any help on setting up Ledger Sync, check out this support article

For those of you who manage a lot of accounts across different chains, or use multiple devices to view your managed assets: does this solve a pain point for you, or do you prefer the manual control? What’s missing?

u/Steven_Ledger — 28 days ago