Hardware wallet maker Ledger has regained control of its Discord server after a moderator’s compromised account was used to spread phishing links targeting users’ seed phrases.
According to an announcement on the official Discord server, the breach occurred on May 11 after an attacker took over a contracted moderator’s account.
Using the elevated privileges, the attacker deployed a bot to post scam links in one of the channels, directing users to a malicious website that mimicked a Ledger verification page.
“The issue was quickly contained: the compromised account was removed, the bot was deleted, the website was reported, and all relevant permissions were reviewed and secured,” said Ledger staff member Quintin Boatwright in the May 11 Discord post.
To target users, the attacker issued a fake security warning that claimed a vulnerability had been discovered in Ledger’s systems. Users were urged to “verify” their recovery phrases via a provided link, which led to a fraudulent third-party website.
The phishing site mimicked an official Ledger interface and instructed users to connect their wallets and enter their 24-word seed phrases under the guise of a critical update. The setup was designed to harvest sensitive credentials and gain full access to a victim’s crypto assets.
Screenshots of the scam post quickly circulated on X, prompting warnings from security analysts and further scrutiny of Ledger’s community management protocols. See below.
According to some community members, the attacker used moderator rights to mute and ban users who attempted to warn others about the scam, possibly delaying Ledger’s initial response.
While it remains unclear whether any users fell victim to the phishing attempt, the incident follows a string of similar scams targeting hardware wallet customers.
As previously reported by crypto.news, Ledger customers were recently targeted in a phishing campaign involving fake letters sent by mail bearing Ledger’s branding, a return address, and a fabricated reference number.
It urged recipients to scan a malicious QR code and enter their 24-word recovery phrase, under the false pretext of a required security update.
Ledger is not the only wallet provider that has dealt with security threats. In March, Ledger’s security research team, Donjon, disclosed a vulnerability in rival manufacturer Trezor’s Safe hardware wallets, warning that the devices could still be physically hacked due to a vulnerability in the microcontroller used to perform critical cryptographic operations.
Notably, the chip is vulnerable to voltage glitching attacks, which can allow an attacker to extract or manipulate data stored in the device by briefly altering power input during operations.
Several crypto influencers have since commented on the exploit, including former Binance CEO Changpeng Zhao.
