Fake Ledger Live Software Update Scams
Criminals distribute fake Ledger Live updates through phishing emails and lookalike download sites. The fake software captures the recovery phrase during a fake 'restore' step. Ledger Live updates are delivered only through the official app.
Part of: Fake Software Update Scams
Last reviewed: 7 June 2026
Software update scams targeting Ledger Live exploit a common security behavior: users are generally told to keep software updated as a security measure. Turning this advice against users, criminals distribute fake Ledger Live 'critical security updates' that are actually malware or phishing tools designed to extract the 24-word recovery phrase.
These attacks are particularly convincing because Ledger does release genuine Ledger Live updates regularly, and users who have followed good security practices to keep the software updated are more likely to respond to a fake update notification that mimics Ledger's genuine update messaging.
Ledger Live receives its updates through the built-in update mechanism within the app itself. When an update is available, the application notifies users with a banner or prompt inside the interface. Updates are downloaded and verified automatically. Ledger does not send standalone update download links via email, and no update process involves entering the recovery phrase.
How this scam works on the Ledger brand
A phishing email with Ledger branding announces a 'Critical Security Update for Ledger Live' addressing a vulnerability that could expose user funds. It provides a download link for 'Ledger Live v[number]' hosted on a domain like ledger-live-update[.]io. The installer is a modified version of Ledger Live or a lookalike application. During 'setup,' it prompts the user to restore their wallet by entering their 24-word recovery phrase — and transmits it to the attacker.
A browser-based variant serves a fake Ledger update popup when a user visits certain cryptocurrency-related sites. The popup mimics a genuine browser notification style and says 'Your Ledger Live is out of date. Update now for critical security fixes.' Clicking downloads the malicious installer.
The genuine Ledger Live update process shows an update prompt within the running Ledger Live application itself. The download is verified with a cryptographic signature before installation. The update does not require restoring the wallet or entering the recovery phrase — the device's existing configuration remains intact through the update.
Common red flags
- An email with a Ledger Live download link from any domain other than ledger.com
- A browser popup or notification advertising a Ledger Live critical update
- A Ledger Live installer that requires the recovery phrase during 'setup' after installation
- An update notification arriving via email rather than within the running Ledger Live application
- A downloaded 'Ledger Live' file whose publisher or digital signature does not match Ledger SAS
- Urgency: 'Your funds are at risk without this update — install within 24 hours'
How to protect yourself
- Update Ledger Live only through the in-app update prompt or by downloading from ledger.com/ledger-live
- Never install a Ledger Live update from an email link, pop-up, or search result
- Verify the digital signature of any Ledger Live download before installing
- Treat any post-update prompt to enter the recovery phrase as a definitive sign of a malicious install
- If you have installed software from a suspicious source, wipe your computer and restore Ledger Live from ledger.com before using your device again
How to report it
- Report fake update sites to Ledger at [email protected]
- Report phishing emails to [email protected]
- Submit malicious domains to Google Safe Browsing
- Report to IC3.gov (US) or Action Fraud (UK)
Frequently asked questions
How does genuine Ledger Live notify me of an update?
When a Ledger Live update is available, a banner or prompt appears within the running Ledger Live application. The update downloads and installs through the app. You do not receive a separate email with a download link for updates.
Does updating Ledger Live ever require restoring my wallet?
No. Updates to the Ledger Live application are software-only and do not affect the hardware device or require wallet restoration. Your existing wallet configuration carries over. Any post-update 'restore your wallet' prompt requiring the seed phrase indicates a malicious installation.
Can I verify that a Ledger Live download is genuine?
Yes. Ledger provides cryptographic hash values for official Ledger Live releases on their website. You can compare the downloaded file's hash against the published value to confirm authenticity. The download should always come from ledger.com/ledger-live.