Review and sign transactions from a single secure screen with Ledger Flex™

Discover now

Thought leadership | 11/10/2020

The Battleground Against Phishing Attempts

Ledger users are under attack and targeted by a phishing scam (here is a link to understand the anatomy of a phishing attack).

Kraken Security Lab has done a great job at describing what’s going on and we appreciate their help in this matter.

Today, we want to let you know that Ledger is fighting hard to defeat the scammers. But we also want to let you know that we’ll be stronger together.

Help us #StopTheScammers.

The two main ideas you should leave with after reading this post are :

  1. NEVER SHARE YOUR 24 WORDS WITH ANYONE. EVER.
  2. HELP US TAKE THE SCAMMERS WEBSITES DOWN

The best way to stop the scammers is to take their websites down as quickly as possible. Here’s how you can help:

  • Spread the word: talk to your friends and your communities and let them know that they must never share their 24 words with anyone under any circumstances, Ledger will never ask for their 24 words. No one should ever ask you for your 24 words… It’s a secret that only you should know!!!
  • If you have received a phishing attempt or if you are aware of an illegal website, like the ones above, please report it to Google Safebrowsing. The more we report these illegal websites to Google, the more difficult it will be for scammers to deceive our Ledger users.
  • If you have received a phishing attempt, you can file a complaint with your local criminal authority.

Phishing scams are one of the critical problems in cybercrime. The Ledger community will be better protected if we all work together.

When you find a scam, report it to the community: #StopTheScammers.

We understand the stress and uncertainty these phishing attacks may be causing you. We want to assure you that our team is doing everything in our power to stop these attacks. 

What is our team doing ?

  • Members of our Donjon security team are continuously tracing the scammers’ new website URLs, so that we can  share the necessary technical information for the relevant authorities.
  • Managing and updating an on-going criminal complaint through the French Public Prosecutor to enable the police force to identify and prosecute those responsible.
  • Subpoena request forms in the US and in France to obtain from the internet intermediaries and communications operators full disclosure of the identity of the responsible. 
  • Reaching out to international cyberdefense organizations to bring the case to their knowledge. This is a way to increase the magnitude of this complaint by using these international cyberdefense organizations enormous and transnational capabilities.
  • Our brand protection internal and external teams are reporting illegal  websites  to abuse contact of the registrars. Within the last few weeks, 87 websites have been reported and 42 shutdowns. Some registrar fail to be reactive which explains why websites are still active despite Ledger notifying them several times following the abuse procedure. 
  • Communicating with our customers and community, answering thousands of questions and updating users with new information as it is available through our support center, Twitter, Facebook, email, Reddit, etc. 

We will be stronger together.

#StopTheScammers

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.