Ledger Seed-Phrase Phishing Scams
Criminals send fake Ledger security alerts directing users to enter their 24-word recovery phrase on lookalike sites. No Ledger process — including genuine firmware updates — ever requires entering the recovery phrase online.
Last reviewed: 7 June 2026
The Ledger hardware wallet is designed around one core security principle: your 24-word recovery phrase is generated offline, displayed only on the device itself, and should only ever be entered on the physical Ledger device — never on a computer, phone, or website. This principle is what makes a hardware wallet more secure than a software wallet.
Phishing campaigns targeting Ledger users aim to subvert this principle by creating a plausible reason to break it. Typical pretexts include: 'Ledger Live requires your recovery phrase to activate a critical security patch,' 'Your Ledger account must be verified following the data breach,' or 'A new regulatory KYC requirement needs your wallet credentials.'
The Ledger recovery phrase is not an 'account credential' in the traditional sense — it is a cryptographic secret that cannot be changed and gives permanent, complete access to all wallets derived from it. Losing it to a phisher means losing all associated assets with no recourse.
How this scam works on the Ledger brand
A phishing email with Ledger branding directs users to a site such as ledger-activation[.]com, which presents a step-by-step 'wallet verification wizard.' The wizard walks through questions about the user's device model, then asks them to type their 24-word phrase to 'complete verification.' The phrase is transmitted to the attacker and the wallet is drained within seconds.
Another vector is hijacked social media accounts or fake Ledger support profiles on Twitter/X and Reddit. Users posting about Ledger problems are approached by 'Ledger Support' accounts that offer one-to-one help and eventually guide them to a third-party form or website requesting the phrase.
Ledger's official recovery procedure involves entering the phrase on the Ledger device itself, either to restore a lost device or to add the phrase to a new hardware device. This is done entirely with the device's physical buttons and screen; the device communicates with Ledger Live only to confirm the restored account, never to transmit the phrase itself.
Common red flags
- An email, letter, or message asking you to type your 24-word phrase into any software or website
- A 'Ledger support agent' on social media or Discord requesting your recovery phrase via DM
- A verification wizard on any site other than a Ledger device interface asking for recovery words
- Urgency claims that your wallet will be locked unless you enter the phrase within a deadline
- A link to a 'Ledger wallet verification' page at a domain other than ledger.com
- A Ledger Live pop-up or dialog box on your computer asking for the 24-word phrase (legitimate Ledger Live never does this)
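The domain red flag above can be checked mechanically when triaging reported emails. The following is an added example, not Ledger's code or part of the original page: the function names, the `.example` sample URLs and the brand-substring heuristic are assumptions, and only ledger-activation[.]com and ledger.com come from the page.

```python
from urllib.parse import urlsplit

OFFICIAL = "ledger.com"   # the only legitimate domain the page names
BRAND = "ledger"          # token that lookalike hosts borrow (assumed heuristic)

def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    return url.strip().replace("[.]", ".").replace("hxxp", "http")

def classify(url):
    """Return 'official', 'lookalike', 'other' or 'unparseable'."""
    url = refang(url)
    if "://" not in url:
        url = "//" + url              # bare host: make urlsplit see a netloc
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    # Exact match or true subdomain. The leading dot matters: a plain
    # endswith("ledger.com") would also accept a host like "xledger.com".
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Brand anywhere in the authority: covers hyphenated lookalikes,
    # "ledger.com.<other domain>" and the "ledger.com@<host>" userinfo trick.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "other"

# Constructed sample links, as they might be pulled from a reported email.
SAMPLES = [
    "hxxps://ledger-activation[.]com/verify",         # domain from the page
    "https://support.ledger.com/",                    # official subdomain
    "https://ledger.com.wallet-check.example/start",  # official name as prefix
    "https://ledger.com@verify.example/login",        # official name as userinfo
    "https://news.example/ledger-review",             # brand only in the path
]

def triage(urls):
    """Map each URL to its verdict."""
    return {u: classify(u) for u in urls}

if __name__ == "__main__":
    for u, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {u}")
```

A 'lookalike' verdict is a reason to quarantine and review a message; an 'other' verdict says nothing about whether the page behind the link asks for a recovery phrase.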
How to protect yourself
- Treat any request for your recovery phrase as a definitive scam — there are no exceptions
- The only legitimate use of the phrase is to physically import it into a Ledger hardware device using the device's buttons
- Never type the phrase into a computer keyboard, tablet, or phone under any circumstances
- Store the phrase on the original paper card that came with the device, in a secure offline location
- Use Ledger's official support at support.ledger.com; never seek help via social media DMs
How to report it
- Report phishing sites to Ledger at support.ledger.com or email [email protected]
- Submit the phishing URL to Google Safe Browsing
- Report to IC3.gov (US), Action Fraud (UK), or your national cybercrime body
- Report fake social media support accounts to the relevant platform
Frequently asked questions
Does a firmware update to my Ledger ever require the recovery phrase?
No. Firmware updates are handled entirely by Ledger Live communicating with the device. The recovery phrase is never part of this process and is never transmitted anywhere.
What if a support agent says they need my phrase to diagnose a problem?
This is always a scam. Ledger's support team has no mechanism to access your wallet and no legitimate need for your recovery phrase. End the interaction and contact Ledger through support.ledger.com.
My Ledger displays a 'genuine check' result — does that protect me from phishing?
The genuine check confirms your physical device has not been tampered with. It does not protect against phishing attacks that trick you into voluntarily sharing your seed phrase. The protection against phishing is behavioral: never share the phrase.