Ledger Recovers Discord Server After Phishing Scam Hits Moderator

Crypto hardware wallet provider Ledger has confirmed its Discord server is secure following a targeted phishing attack on May 11.

The breach occurred after an attacker gained access to the account of a contracted community moderator. Using that access, the attacker deployed a bot that posted scam links designed to trick users into revealing their 24-word recovery phrases.

The fraudulent message claimed a vulnerability had exposed sensitive user data including shipping details and transaction histories linked to recovery phrases. It urged users to verify their seed phrases by visiting a fake website, falsely described as an official Ledger page.

An attacker hacked into the account of a community administrator of the hardware wallet company Ledger, impersonated the official to issue a false security vulnerability warning, and induced users to click on phishing links to submit their seed phrases, thereby stealing assets.…

— Wu Blockchain (@WuBlockchain) May 12, 2025

Mod Account Removed, Bot Deleted as Ledger Responds to Discord Attack

According to Ledger team member Quintin Boatwright, the breach was quickly contained. Specifically, the compromised moderator account was removed, the malicious bot was deleted, the phishing website was reported and internal permissions were reviewed and secured. As Boatwright explained, the issue was resolved promptly and appeared to be an isolated incident.

However, some community members raised concerns about how the attack was handled. They alleged that the attacker used moderator privileges to ban or mute users who attempted to report the scam. As a result, Ledger’s response may have been delayed. Nevertheless, no confirmed user losses have been reported so far.

Fake Letters and Malware Devices Show Persistent Threats to Ledger Users

The incident is part of a broader pattern of scams targeting Ledger’s user base. In April, scammers sent fake physical letters to hardware wallet owners. These letters asked users to scan QR codes and enter their recovery phrases on spoofed websites.

The messages used Ledger’s branding and referenced customer data leaked in a 2020 breach. That breach exposed names, phone numbers and addresses of over 270,000 users.

Previously, the company also dealt with cases where users received tampered Ledger devices. These devices were modified to install malware when used.

In response, Ledger has strengthened access controls on its Discord server. It has also reminded users that they will never be asked to share their recovery phrases.

The company continues to monitor for suspicious activity and encourages users to report any unusual behavior through official support channels.