Hardware wallet maker Ledger has regained control of its Discord server after a moderator’s compromised account was used to spread phishing links targeting users’ seed phrases. According to an announcement on the official Discord server, the breach occurred on May 11 after an attacker took over a contracted moderator’s account. Using the elevated privileges, the attacker deployed a bot to post scam links in one of the channels, directing users to a malicious website that mimicked a Ledger verification page. “The issue was quickly contained: the compromised account was removed, the bot was deleted, the website was reported, and all relevant permissions were reviewed and secured,” said Ledger staff member Quintin Boatwright in the May 11 Discord post. To target users, the attacker issued a fake security warning that claimed a vulnerability had been discovered in Ledger’s systems. Users were urged to “verify” their recovery phrases via a provided link, which led to a fraudulent third-party website. You might also like: Exclusive: Ledger taps Transak to power secure crypto-to-fiat withdrawals The phishing site mimicked an official Ledger interface and instructed users to connect their wallets and enter their 24-word seed phrases under the guise of a critical update. The setup was designed to harvest sensitive credentials and gain full access to a victim’s crypto assets. Screenshots of the scam post quickly circulated on X, prompting warnings from security analysts and further scrutiny of Ledger’s community management protocols. See below. Hey @Ledger a community mod's account has been compromised and is currently social engineering an attack on your discord channel. pic.twitter.com/nsFdYZ8izD — ecurrencyhodler (@ecurrencyhodler) May 11, 2025 According to some community members, the attacker used moderator rights to mute and ban users who attempted to warn others about the scam, possibly delaying Ledger’s initial response. While it remains unclear whether any users fell victim to the phishing attempt, the incident follows a string of similar scams targeting hardware wallet customers. As previously rep orted by crypto.news, Ledger customers were recently targeted in a phishing campaign involving fake letters sent by mail bearing Ledger’s branding, a return address, and a fabricated reference number. It urged recipients to scan a malicious QR code and enter their 24-word recovery phrase, under the false pretext of a required security update. Ledger is not the only wallet provider that has dealt with security threats. In March, Ledger’s security research team, Donjon, disclosed a vulnerability in rival manufacturer Trezor’s Safe hardware wallets, warning that the devices could still be physically hacked due to a vulnerability in the microcontroller used to perform critical cryptographic operations. Notably, the chip is vulnerable to voltage glitching attacks, which can allow an attacker to extract or manipulate data stored in the device by briefly altering power input during operations. Several crypto influencers have since commented on the exploit, including former Binance CEO Changpeng Zhao. Just got this security warning. Ledger's Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site. Lessons: 1. Never give up your private key recovery phrases no matter who is doing the… — CZ 🔶 BNB (@cz_binance) May 12, 2025 Read more: Ledger hardware wallet’s users targeted by mail, reportedly exploiting data leaked in 2020 breach
