Security
Phishing · PIN · Physical security
YueQianBao — independent Ledger English service hub (not official). Focused on three things: verifying the official portal, comparing models, and following usage guides; with seed/PIN safety and phishing awareness.
You Lost the Recovery Phrase but Still Have the Device — What Now?
Overview: What should you know about the scenario: You Lost the Recovery Phrase but Still Have the Device — What Now?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Make sure the device is still unlockable and immediately move assets.
- Reinitialise a new device with a fresh recovery phrase.
- Transfer assets to the new address.
- Reset and decommission the old device.
- Record the new backup locations and tighten physical protection.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Why You Must Never Photograph or Upload Your Recovery Phrase to the Cloud
Overview: What should you know about the scenario: Why You Must Never Photograph or Upload Your Recovery Phrase to the Cloud?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Stop any photo or screenshot activity right now.
- Thoroughly delete any digital copy and empty the recycle bin.
- Check cloud sync and photo albums and delete any backups there.
- Rewrite the recovery phrase onto paper or a metal plate.
- From now on, only view the phrase offline.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Why You Should Never Enter PIN or Recovery Phrase on a Computer or Phone
Overview: What should you know about the scenario: Why You Should Never Enter PIN or Recovery Phrase on a Computer or Phone?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Identify the scenario and disconnect the network and device immediately.
- Confirm you're on the genuine domain and the authentic app.
- Check device prompts and Ledger Live security warnings.
- Work through the official documentation step by step, recording what you find.
- Contact official support if needed — never reveal your recovery phrase or PIN.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Fake Ledger Support Identification — Social Media Anti-Scam
Ledger support does not DM first, does not ask for your recovery phrase, and does not ask you to run unusual commands or install new firmware via external tools. If an account does any of these, it's fake.
Safety reminder: Never share your recovery phrase, PIN, or verification codes with anyone. Always verify using the device screen. Use only official channels to download apps and install updates.
Do You Need a Metal Plate for Your Recovery Phrase?
Overview: What should you know about the scenario: Do You Need a Metal Plate for Your Recovery Phrase?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Choose a stainless-steel plate that resists fire and water.
- Engrave the recovery phrase offline, with nobody else present.
- Verify each word after engraving.
- Store the plate somewhere secure, dry, and theft-resistant.
- Keep a paper backup as a secondary fallback.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
What Are the Risks of an 'Update Patch' Sent by Email?
Overview: What should you know about the scenario: What Are the Risks of an 'Update Patch' Sent by Email?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Never open executable attachments from email.
- Download updates manually from the official site, not from email links.
- Check the sender's domain and the SPF/DKIM status.
- Delete suspicious emails and empty the trash.
- Change account passwords and scan for malware if needed.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
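The sender-domain and SPF/DKIM step above can be checked from the raw message headers. The following is an added example, not code from this site or from Ledger: it reads the Authentication-Results header written by the receiving mail server and flags a message whose passes were earned by a different domain than the one shown in From. The sample message, the server name mx.example.net and the function names are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample, not a real message. mx.example.net stands in for
# the reader's own receiving mail server (an assumption of this example).
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=mailer.example.org;
 dkim=pass header.d=example.org;
 dmarc=fail header.from=ledger.com
From: "Ledger Support" <support@ledger.com>
Subject: Urgent update patch

Install the attached patch.
"""

def aligned(domain, expected):
    """True if domain is expected or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return domain == expected or domain.endswith("." + expected)

def check_sender(raw, expected="ledger.com", authserv="mx.example.net"):
    """Return a list of reasons to distrust the message (empty = none found)."""
    msg = email.message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not aligned(from_domain, expected):
        findings.append(f"From domain is {from_domain or 'missing'}")
    # Only the topmost header written by our own server counts; a sender
    # can paste a forged Authentication-Results header lower down.
    ar = msg.get("Authentication-Results", "")
    if ar.split(";")[0].strip().lower() != authserv:
        return findings + ["no Authentication-Results from trusted server"]
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) != "pass":
            findings.append(f"{method}={results.get(method, 'absent')}")
    # A pass only helps if it was earned by the domain shown in From.
    for label, pattern in (("DKIM signer", r"header\.d=([\w.-]+)"),
                           ("SPF envelope sender", r"smtp\.mailfrom=([\w.@-]+)")):
        m = re.search(pattern, ar)
        if m and not aligned(m.group(1).rpartition("@")[2], expected):
            findings.append(f"{label} {m.group(1)} is not {expected}")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print("SUSPICIOUS:", finding)
```

An empty result means only that these header checks found nothing; it does not make an attachment safe to open.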
How to Collect Evidence and Report After Confirming Funds Were Stolen
Overview: What should you know about the scenario: How to Collect Evidence and Report After Confirming Funds Were Stolen?
Key takeaway: Isolate the network first, then migrate remaining assets under a fresh recovery phrase, preserve evidence, and notify Ledger and the relevant platforms.
Action steps:
- Disconnect the network and unplug the device immediately.
- On a trusted device, initialise a new wallet with a fresh recovery phrase.
- Move remaining assets to the new address.
- Collect logs, transaction hashes, and chat records as evidence.
- Report to official support and any affected platform, and strengthen your security habits.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Do You Need to Rotate Your PIN Periodically?
Overview: What should you know about the scenario: Do You Need to Rotate Your PIN Periodically?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Confirm you remember the current recovery phrase first, to avoid an accidental wipe.
- Go to the device settings and choose Change PIN.
- Enter the old PIN, then set and confirm the new one.
- Reconnect Ledger Live to verify it works.
- Log the change date in a safe place — don't write the full PIN anywhere.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How to Set a PIN That Is Both Safe and Memorable
Overview: What should you know about the scenario: How to Set a PIN That Is Both Safe and Memorable?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Identify the scenario and disconnect the network and device immediately.
- Confirm you're on the genuine domain and the authentic app.
- Check device prompts and Ledger Live security warnings.
- Work through the official documentation step by step, recording what you find.
- Contact official support if needed — never reveal your recovery phrase or PIN.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How to Double-Check a Signing Prompt to Prevent Address Replacement
Overview: What should you know about the scenario: How to Double-Check a Signing Prompt to Prevent Address Replacement?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Verify the recipient address and amount field by field on the device screen.
- Confirm the app display matches the device before signing.
- If an unfamiliar address appears, reject and exit.
- Check the computer for clipboard-hijacker malware.
- Restart the device and the app before retrying.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Ledger Lost — What to Do
Your assets are safe as long as (a) your recovery phrase is safe and (b) your PIN was unknown to the thief (PIN retries are limited; the device wipes after repeated wrong PINs). Buy a new Ledger and restore from your recovery phrase.
Safety reminder: Never share your recovery phrase, PIN, or verification codes with anyone. Always verify using the device screen. Use only official channels to download apps and install updates.
What to Do When the Device Wipes Itself After Too Many Wrong PINs
Overview: What should you know about the scenario: What to Do When the Device Wipes Itself After Too Many Wrong PINs?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Check how many attempts remain — don't keep entering wrong PINs.
- Keep the recovery phrase ready as your fallback.
- Let the device wipe itself, then restore from the recovery phrase.
- Set a new PIN and test unlocking.
- Log the incident for future audit.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How to Spot Fake Official Sites and Phishing Download Pages
Overview: What should you know about the scenario: How to Spot Fake Official Sites and Phishing Download Pages?
Key takeaway: Scam prevention comes down to one thing: verify the domain and the certificate. Any request for your recovery phrase or PIN is a scam.
Action steps:
- Type the domain ledger.com manually into the browser.
- Check the certificate issuer and the HTTPS padlock.
- Never download from search ads or community links.
- Verify the hash/signature of the installer.
- Close and report any fake site you spot.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How Should You Back Up the Recovery Phrase for Maximum Safety?
Overview: What should you know about the scenario: How Should You Back Up the Recovery Phrase for Maximum Safety?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Retrieve the recovery-phrase paper in an offline environment.
- Verify word order and spelling one by one.
- If you need to rewrite, use pen and paper — no photos or screenshots.
- Split backups across two fire- and moisture-proof locations.
- Log the inspection date and recheck periodically.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Security Boundary: PIN vs. Recovery Phrase
Overview: What should you know about the scenario: Security Boundary: PIN vs. Recovery Phrase?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- The private key never leaves the device's secure element.
- No software interface ever needs the recovery phrase or PIN.
- When connecting to a computer, verify the official app and its certificate.
- Never disclose any key material through browser extensions or SMS.
- Keep device firmware and apps up to date.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.