Hardware wallet provider Ledger has restored security to its official Discord server after a malicious breach on May 11, in which a compromised moderator account was used to disseminate phishing links targeting users’ recovery phrases.
Quintin Boatwright, a member of Ledger’s team, addressed the incident directly on the server, explaining that the situation was “quickly contained.” He confirmed the rogue account was removed, the malicious bot deleted, and permissions reviewed to bolster server security. The fake site was also reported.
According to Ledger’s internal response, the attacker gained control of a community moderator’s Discord account and deployed a bot that posted deceptive messages on one of the server’s channels. The fraudulent posts urged members to verify their seed phrases via an external site under the pretence of a newly discovered vulnerability in Ledger’s systems, according to several posts on X.
However, community members have raised concerns that the attacker exploited moderator-level permissions to ban or mute users who tried to sound the alarm, potentially delaying Ledger’s response.
This latest attempt to steal seed phrases adds to a worrying trend. Just last month, Ledger users reported receiving physical scam letters mimicking official Ledger correspondence. These letters, featuring the company’s logo, mailing address, and a fabricated reference number, instructed recipients to scan a QR code and enter their recovery phrase—another method to hijack funds from unsuspecting wallet owners.
Some victims speculated that the scammers might be leveraging data leaked in a major 2020 breach when over 270,000 Ledger customer records—including names, phone numbers, and home addresses—were dumped online. In 2021, Ledger users also reported receiving tampered hardware wallets through the mail, which had been modified to install malware.
While Ledger has emphasized that the Discord breach was an isolated case, these phishing attempts’ growing sophistication and persistence highlight the ongoing risks in the crypto space. The firm says it has implemented additional safeguards to prevent similar incidents and urges users to remain vigilant, reminding them that no legitimate service will ever ask for their seed phrases.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
