If you bought a Ledger hardware wallet, whether it’s the Ledger Nano S or the Bluetooth-enabled Ledger Nano X, chances are you bought it to have better security over your funds. And yes, you’ve definitely made a great choice.
With that said, using a Ledger hardware wallet doesn’t automatically mean that your funds are 100% secure from hackers and scammers.
No matter how secure your Ledger hardware wallet is, you can still be tricked into handing over access to your funds to hackers and scammers.
And because of how many hacks and scams have been happening to Ledger hardware wallet owners, we’ve decided to write this article. Here are some things to watch out for if you own a Ledger, or if you’re planning on owning one.
Fraudulent Ledger software
Ledger will NOT ask you to enter your 24-word mnemonic phrase into Ledger Live, or anywhere on your computer.
If you’re going to download Ledger Live, make sure to download it only from the legitimate Ledger website (https://www.ledger.com/ledger-live), and nowhere else.
Fraudulent versions of Ledger Live (for both mobile and desktop) are circulating on the web. They attempt to steal users’ funds by tricking them into entering their 24-word mnemonic phrase into the fraudulent software, which effectively gives the scammers access to their funds.
As we speak, Ledger Live is the only software that Ledger supports. Do not install the old Ledger browser extensions, as they have been obsolete for a while now.
Fake Ledger hotline
If you need to contact Ledger for whatever reason, only use Ledger’s request form on their website: https://support.ledger.com/hc/en-us/requests/new
Most of the contact information you’re going to find on the web is a scam. Make sure to only use contact information that you see on Ledger’s legitimate website (ledger.com).
Fake Ledger customer support
If you frequently use Reddit and you’ve had a problem with your Ledger device, you might’ve decided to ask for help on Ledger’s subreddit (r/ledgerwallet).
If so, you need to watch out for fake Ledger customer support representatives that are trying to scam people out of their coins. The only legitimate Ledger moderators are the ones displayed on the subreddit’s sidebar.
Another reminder that Ledger will not ask you to hand over your 24-word mnemonic phrase. The only place where it’s fine to enter your 24-word phrase is on the Ledger device itself when you’re trying to verify your mnemonic phrase using the built-in Ledger Recovery Check app.
Tampered Ledger packages
As we speak, and as far as we know, there hasn’t been a successful attempt to crack a Ledger device. Even so, it’s recommended to purchase a Ledger device only on Ledger’s official website. Yes, there are other legitimate resellers available on some websites, but we suggest using Ledger’s official site anyway just to be extra sure.
While there may be sellers out there that have cheaper prices, we don’t recommend risking the security of your funds just so you can save a few dollars.
Pre-written Ledger 24-word mnemonic phrases
There have been other online sellers that open up Ledger wallet boxes and replace the recovery sheet with a pre-written one.
Remember, only generate a 24-word mnemonic phrase on the Ledger device itself. If your Ledger package has a Recovery Sheet with pre-written words in it, someone is trying to steal your funds. Only you and you alone should have access to your 24-word mnemonic phrase.
Clipboard Hijack software
There are certain types of malware that are designed solely to steal your funds, and one of those is clipboard hijack software.
In summary, if the malware detects that you copied a crypto wallet address, it will replace the address on your clipboard with the hacker’s wallet address.
The solution to this is pretty simple. Always double check that the address you’re pasting is the correct one.
If you’ve noticed that your device is pasting a different address from the one you copied, immediately do a virus scan, or better yet, format your operating system to be sure.
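The check described above, as an added example that is not part of the original article: it compares the address from your trusted source with what was actually pasted, and shows that a substituted address still passes checksum validation, so only a full comparison catches the swap. It assumes legacy Base58Check Bitcoin addresses; the function names and both sample addresses are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # each leading 0x00 -> '1'
    return "1" * zeros + out

def b58check_valid(addr: str) -> bool:
    """True if addr is well-formed Base58Check with a matching checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) > 4 and checksum(raw[:-4]) == raw[-4:]

def check_paste(intended: str, pasted: str) -> dict:
    """Compare the address from the trusted source with what was pasted."""
    a, b = intended.strip(), pasted.strip()
    diff = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)
    if diff is None and len(a) != len(b):
        diff = min(len(a), len(b))  # one string is a prefix of the other
    return {"match": a == b, "pasted_is_valid": b58check_valid(b), "first_diff": diff}

# Constructed sample data: two legacy-format (version byte 0x00) addresses built
# from made-up 20-byte values. Neither belongs to a real wallet.
INTENDED = b58check_encode(b"\x00" + bytes(range(1, 21)))
SWAPPED = b58check_encode(b"\x00" + bytes(range(101, 121)))

def demo():
    """Return results for an untouched paste and a substituted paste."""
    return check_paste(INTENDED, INTENDED), check_paste(INTENDED, SWAPPED)

if __name__ == "__main__":
    untouched, swapped = demo()
    print("untouched:", untouched)
    print("swapped:  ", swapped)
```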
Malware in general
As mentioned in the previous point, malware that is specifically made to steal funds exists. Because of this, it is absolutely not recommended to store your 24-word mnemonic phrase backup on your computer, or anywhere digital, whether that’s a Word document, a .txt file, an email message, a social media message, your phone’s notes app, you name it.
Only store your 24-word backup on a piece or pieces of paper.
People saving their private keys on their phones or their computers and getting them stolen by hackers is still one of the most frequent ways people lose their money.
Unfortunately, the Bitcoin and cryptocurrency industry will be heavily filled with scammers and hackers whether we like it or not, and the only way for you to combat this is to always be skeptical and to always stay up to date on the clever tricks and schemes that hackers and scammers come up with.
If you’re interested in the other scams in the cryptocurrency industry so you can protect yourself, we suggest checking out our “Cryptocurrency Scambook” page.
Stay safe, and happy hodling.