The sponsored result that cost 8.2 BTC

April 2025. A holder in Salt Lake City Googles "Ledger Live download" because he just received his new Ledger Nano S Plus. The top result is a Google Ad: ledger-live-app.com. He clicks, downloads the "Ledger Live" .dmg, and runs through setup. The fake app prompts him to type his 24 words "to verify the device." The drainer waits two days, then takes 8.2 BTC.

The Google Ads loophole

Google has policies against impersonation, but enforcement is reactive. A scammer can buy ads against "ledger live download," "trezor suite download," "exodus wallet" — and the ad runs for hours or days before Google's review pipeline catches it. The cost per click is high, but the conversion rate makes it profitable.

The four rules for downloading any wallet software

  • Skip every sponsored result on Google. Scroll past the ads to the organic results. The first organic result is almost always the real one. Better: type the URL by hand if you remember it.
  • Verify the URL character by character. ledger.com is real. ledger-live.com, ledger-app.com, ledgerlive-app.com, ledger-wallet.io are all fake. The real Ledger Live is hosted on ledger.com.
  • Verify the download's signature. Ledger publishes a PGP-signed checksum for every release. Most users will not check this, but if you are moving meaningful money, learn the verification workflow once and run it every time.
  • Real Ledger Live does not ask for the 24 words during setup. The setup flow asks you to confirm the device is connected, then walks through PIN setup and seed-phrase backup — but the phrase is generated and displayed on the device screen, not typed into the computer.
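
Rule two can be automated before you click. The script below is an added example, not part of the original article and not Ledger's own tooling. The function name check_download_url is hypothetical, the allowlist uses the official domains named on this page, accepting subdomains of those domains is an assumption, and the ".example" URLs are constructed samples.

```python
from urllib.parse import urlsplit

# Official domains named on this page; extend with your own bookmarks.
OFFICIAL = {"ledger.com", "trezor.io", "bitcoin.org"}

def check_download_url(url, official=OFFICIAL):
    """Return (ok, reason). ok is True only for an https URL whose host is
    an allowlisted domain or a subdomain of one (subdomains: assumption)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no hostname"
    # "https://ledger.com@other.example/" really goes to other.example.
    if parts.username is not None:
        return False, "text before '@' is not the host; real host is " + host
    # Reject non-ASCII and punycode labels: look-alike letters pass a
    # visual check but are a different domain.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host, possible look-alike: " + host
    for domain in sorted(official):
        # Exact match, or a dot boundary directly before the domain.
        if host == domain or host.endswith("." + domain):
            return True, "matches " + domain
    return False, "not an official domain: " + host

if __name__ == "__main__":
    samples = [
        "https://ledger.com/ledger-live",          # real, per this page
        "https://ledger-live-app.com/",            # the ad in the story
        "https://ledger-live.com/",                # fake, per this page
        "https://ledgerlive-app.com/",             # fake, per this page
        "https://ledger-wallet.io/",               # fake, per this page
        "https://ledger.com.downloads.example/",   # constructed: prefix trick
        "https://ledger.com@downloads.example/",   # constructed: '@' trick
        "https://l\u0435dger.com/",                # constructed: Cyrillic 'e'
        "http://ledger.com/",                      # constructed: no TLS
    ]
    for url in samples:
        ok, reason = check_download_url(url)
        print(("OK   " if ok else "BLOCK"), url, "->", reason)
```

A passing result only says the host is on your list. It does not replace checking the release signature in rule three.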

What to do if you typed the 24 words

The seed phrase is permanently compromised. Set up a new Ledger device with a new seed. Move every asset to addresses derived from the new seed, immediately. Sell the compromised device or repurpose it as a non-money device (testnet, dev work).

The rule I follow

I have ledger.com, trezor.io, bitcoin.org, and the URLs of two exchanges saved as Firefox bookmarks. I never type those URLs and I never search for them. Bookmark or nothing.