Ledger, a leading hardware wallet provider, experienced a security breach when hackers compromised a community moderator account on its Discord server. The attackers used the privileged account to post phishing links, attempting to trick users into revealing their 24-word recovery phrases. This incident has heightened security concerns among Ledger’s user base, who are still mindful of a major 2020 data breach that exposed sensitive user information.
Ledger responded by removing the compromised moderator and deleting the malicious bot responsible for spreading the scam. The phishing attempt was contained swiftly, and no confirmed losses from affected users have been reported so far. However, some community members raised issues regarding the initial handling of the attack, alleging that the hacker also muted or banned users trying to warn others, potentially causing delays in mitigation.
This latest phishing scam is part of a broader trend targeting Ledger users using social engineering tactics. Previously, attackers have sent spoofed physical letters and tampered devices to trick hardware wallet owners, often referencing the earlier data leak. Ledger reiterated that it will never ask for recovery phrases and urged users to stay vigilant against unsolicited requests.
The company has since reviewed and tightened access controls on its Discord server, continues to monitor for malicious activity, and encourages users to report suspicious behavior through official channels.