Security
Phishing · PIN · Physical security
YueQianBao — independent Ledger English service hub (not official). Focused on three things: verifying the official portal, comparing models, and following usage guides; with seed/PIN safety and phishing awareness.
The Right Process for Moving Your Recovery-Phrase Storage
Overview: What should you know about the scenario: The Right Process for Moving Your Recovery-Phrase Storage?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Pick the new moisture- and fire-proof location in advance.
- Prepare a fresh secure container before the move.
- Ensure nobody else is watching during the transfer.
- After the move, check for and destroy any leftover copies.
- Update your custody list and inform your trusted contact.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Keeping the Recovery Phrase Fire- and Moisture-Proof at Home
Overview: What should you know about the scenario: Keeping the Recovery Phrase Fire- and Moisture-Proof at Home?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Use a fire- and moisture-proof physical container or a metal plate.
- Split the recovery-phrase copies across two locations to avoid single-point risk.
- Inspect the storage environment regularly for moisture.
- Keep the phrase away from ID documents — you don't want both stolen together.
- Record the custodian and the inspection date.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Emergency Steps When You Spot an Unauthorised Outbound Transaction
Overview: What should you know about the scenario: Emergency Steps When You Spot an Unauthorised Outbound Transaction?
Key takeaway: Isolate the network first, then migrate remaining assets under a fresh recovery phrase, preserve evidence, and notify Ledger and the relevant platforms.
Action steps:
- Disconnect the network and unplug the device immediately.
- On a trusted device, initialise a new wallet with a fresh recovery phrase.
- Move remaining assets to the new address.
- Collect logs, transaction hashes, and chat records as evidence.
- Report to official support and any affected platform, and strengthen your security habits.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How to Handle the Recovery Phrase in a Will or Custodial Handover
Overview: What should you know about the scenario: How to Handle the Recovery Phrase in a Will or Custodial Handover?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Seal the recovery phrase and the handover instructions separately.
- Assign a trusted witness or lawyer as custodian.
- Emphasise in the document that the phrase must not be photographed or copied.
- When updating, destroy the old version of the instructions too.
- Periodically confirm the seal is unbroken.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
A Safe Way to Verify You Wrote the Recovery Phrase Correctly
Overview: What should you know about the scenario: A Safe Way to Verify You Wrote the Recovery Phrase Correctly?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Use the on-device check-phrase feature.
- Verify word by word as prompted — never type into any software.
- On error, rewrite the backup and destroy the old paper.
- Store the paper afterwards and record the check date.
- Keep everything offline — no photos.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Do You Need Multiple Copies When Backing Up the Recovery Phrase?
Overview: What should you know about the scenario: Do You Need Multiple Copies When Backing Up the Recovery Phrase?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Ensure you have at least two offline backups kept in separate locations.
- Keep each copy legible and moisture-proof.
- Don't create so many copies that the exposure surface grows.
- When you update a backup, destroy the outdated version.
- Log the number of copies and their locations for audit purposes.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How to Avoid Leaking the Private Key When Connecting to an Unfamiliar Computer
Overview: What should you know about the scenario: How to Avoid Leaking the Private Key When Connecting to an Unfamiliar Computer?
Key takeaway: Isolate the network first, then migrate remaining assets under a fresh recovery phrase, preserve evidence, and notify Ledger and the relevant platforms.
Action steps:
- Disconnect the network and unplug the device immediately.
- On a trusted device, initialise a new wallet with a fresh recovery phrase.
- Move remaining assets to the new address.
- Collect logs, transaction hashes, and chat records as evidence.
- Report to official support and any affected platform, and strengthen your security habits.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
What to Do When You Encounter a Ledger Phishing Attempt
Overview: What should you know about the scenario: What to Do When You Encounter a Ledger Phishing Attempt?
Key takeaway: Follow the official guidance and start by making sure the environment and the information source are trustworthy.
Action steps:
- Refuse to share your PIN or recovery phrase with any support rep or web page.
- Spot phishing copies of the official site and close them immediately.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Common Mistakes When Writing Down the Recovery Phrase
Overview: What should you know about the scenario: Common Mistakes When Writing Down the Recovery Phrase?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Identify the scenario and disconnect the network and device immediately.
- Confirm you're on the genuine domain and the authentic app.
- Check device prompts and Ledger Live security warnings.
- Work through the official documentation step by step, recording what you find.
- Contact official support if needed — never reveal your recovery phrase or PIN.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How the Device's Secure Element Protects the Private Key from Exposure
Overview: What should you know about the scenario: How the Device's Secure Element Protects the Private Key from Exposure?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- The private key never leaves the device's secure element.
- No software interface ever needs the recovery phrase or PIN.
- When connecting to a computer, verify the official app and its certificate.
- Never disclose any key material through browser extensions or SMS.
- Keep device firmware and apps up to date.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
After Clicking a Malicious Link — Remediation Steps
Overview: What should you know about the scenario: After Clicking a Malicious Link — Remediation Steps?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Close the page and clear the browser cache.
- Disconnect the network and check for malicious extensions.
- Run a full antivirus scan.
- Rotate the recovery phrase and migrate to a new address.
- Monitor the account for a period to confirm no new anomalies.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
How to Keep Your Ledger Recovery Phrase Safe
Overview: What should you know about the scenario: How to Keep Your Ledger Recovery Phrase Safe?
Key takeaway: Follow the official guidance and start by making sure the environment and the information source are trustworthy.
Action steps:
- Refuse to share your PIN or recovery phrase with any support rep or web page.
- Spot phishing copies of the official site and close them immediately.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Someone Claims to Be Official Support and Asks for Your Recovery Phrase — What to Do
Overview: What should you know about the scenario: Someone Claims to Be Official Support and Asks for Your Recovery Phrase — What to Do?
Key takeaway: Scam prevention comes down to one thing: verify the domain and the certificate. Any request for your recovery phrase or PIN is a scam.
Action steps:
- Flatly refuse anyone who asks for your recovery phrase or PIN.
- Confirm official support speaks only through the official ticket and verification channels.
- Refuse remote-control software on your device.
- Preserve the chat as evidence and report the phishing account.
- Rotate the recovery phrase and migrate assets if needed.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Does Forgetting the PIN Put Your Assets at Risk?
Overview: What should you know about the scenario: Does Forgetting the PIN Put Your Assets at Risk?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Don't keep retrying incorrect PINs — the device will wipe itself.
- Use the recovery phrase on the device to restore.
- Set a new PIN after recovery and record how you remember it.
- Reconnect Ledger Live to confirm accounts are normal.
- Destroy any old backup that records the previous PIN.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.
Are Airdrop Links in Telegram/Community Groups Trustworthy?
Overview: What should you know about the scenario: Are Airdrop Links in Telegram/Community Groups Trustworthy?
Key takeaway: Your recovery phrase and PIN must never leak. Do every operation on the official device and app, and if something is wrong, stop using the device at once and migrate the assets.
Action steps:
- Treat airdrop links as untrusted by default — verify the official source first.
- Don't connect to unknown sites or sign suspicious transactions.
- Use watch-only mode to view assets and disable write access.
- Check whether the URL is impersonating the real domain.
- If you clicked by mistake, disconnect and isolate cold storage.
Safety reminder: Anyone asking for your recovery phrase or PIN is a scammer. Never enter the recovery phrase into software or webpages, use only official channels for updates and downloads, and migrate assets and report the incident immediately if anything looks off.