Ledger Live Hack Theorie

Of course that’s possible since people install dumb shit browser extensions that also transfers everything you type to a remote server (f.e. Grammarly)

It’s more likely that people are just clicking on search results for „Ledger Live“ that are advertisements placed by scammers, linking to their scam site.

Ledger support should make a video showing how to validate software hashes

Here is the secret to never ever losing your funds:

***NEVER SHARE YOUR 24 WORD RECOVERY PHRASE WITH ANYONE OR ANYTHING EVER. PERIOD.***

the only situation where you’ll use your 24 word recovery phrase is if you’re restoring your Ledger device via the restoration process (like [here](https://support.ledger.com/hc/en-us/articles/4404382560913-Restore-your-Ledger-accounts-with-your-recovery-phrase?support=true)). : )

Hello, the Ledger device itself can’t be hacked, there is no way to extract the private keys, but their are ways you can indeed be compromised: [https://support.ledger.com/hc/en-us/articles/7624842382621-Loss-of-funds?support=trueMaybe](https://support.ledger.com/hc/en-us/articles/7624842382621-Loss-of-funds?support=trueMaybe)

In the case you are talking about, which is a fake Ledger Live app, these type of scams are where the user deliberately compromises their 24 words.

To avoid these and protect yourself, always remember that neither Ledger nor an authentic version of Ledger Live will ever ask you for your 24 words no matter what. Anyone doing so is ultimately a scammer or scam site. Please make sure to always follow best practices: [https://support.ledger.com/hc/en-us/articles/6747982542749-Best-safety-practices-Ledger?docs=true](https://support.ledger.com/hc/en-us/articles/6747982542749-Best-safety-practices-Ledger)

And for all your Ledger related needs (support, info, etc..) , this is the only domain you should refer to: [Ledger.com](https://Ledger.com)

I hope this better clarifies and remain available if needed any further clarification

Use the hashes to verify. As long as they keep them up to date it shouldn’t be a problem.

This would not surprise me in the least.

There were definitely malicious versions of LL for, I think, Android and Windows circulating last year. At least one was on a trusted (not Ledger) app library site.

Given how many folks seem to fall for the „enter your recovery phrase here“ scam, this seems like a good way to snag even those who try to get the official version.

Could also be some malware that adds one line to the HOSTS file for ledger.com.

Please verify your seed phrases below in the comments.
It’s to keep you safe, I promise.
The more people you share your seed with, the less likely it gets lost, right?

It’s really surprising how many willing enter their seed into software, just because it asked to.

I hope that they learn the lesson early in their journey into crypto so that something is lost to learn the hard way, but not so much that it is life changing.

Please never enter your seed into anything but a hardware wallet.

I usually consider myself both careful and savvy, but this sh*t is crazy?

1. Can we get confirmation of the true and correct download site?
2. Is it possible to use wget or curl to download the correct image?

I dunno bro. I’m sticking to the aliens stole the bitcoin theory.

Broswer EXT is worst thing I never install in my life.

Please learn the difference between being hacked and scammed

I takes a savy person to validate and to the troubleshooting . How do peel this onion? 🤷🏻‍♂️

Ever