Hardware wallet company Ledger has confirmed that its Discord server is secure following a hacking incident involving a community administrator’s account. In the attack, hackers impersonated an official Ledger team member to distribute phishing links designed to steal user seed phrases.
“Our Discord server is now secure. Earlier today, a moderator account was compromised. The attacker posted a fake security vulnerability warning and tried to get users to verify their recovery phrases through a scam link,” Ledger stated in an official announcement after resolving the incident.
The phishing attempt specifically targeted Ledger users by creating a false sense of urgency around a nonexistent security vulnerability. Using the compromised moderator account, the attackers crafted a convincing message claiming that sensitive user data had been exposed, including shipping details, 24-word recovery phrases, and transaction information.
Binance founder warns of sophisticated tactics
Binance founder Changpeng Zhao (CZ) was among the first to alert the crypto community about the attack. In a tweet, CZ shared screenshots of the fraudulent message and offered key security reminders.
“Just got this security warning. Ledger’s Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site,” CZ wrote.
The fake announcement directed users to visit “fakeverify-ledger.appchanged/” where they would supposedly check if their recovery phrases had been compromised. In reality, entering seed phrases on this site would immediately grant attackers full access to cryptocurrency wallets.
CZ emphasized two critical security lessons: “1. Never give up your private key recovery phrases no matter who is doing the asking. 2. Social network accounts for a crypto company are often the weakest links.”
Security experts note that this attack shows how social engineering continues to be the primary vector for cryptocurrency theft, rather than technical vulnerabilities in hardware wallets themselves.
The attackers showed sophistication by first breaching an authorized account. They then sent a message designed to look like an official security notification. They also exploited users’ fear of security breaches to create pressure, a common element of successful phishing attacks.
Ledger has repeatedly stated that it will never ask users for their 24-word recovery phrase under any circumstances. The company reaffirmed this in its post-attack statements.
Ledger has confirmed that this incident did not involve any actual security vulnerability in its hardware wallets. The company is still investigating how the moderator account was taken over and is implementing additional security measures for community management staff.