A message appeared in Ledger’s Discord channel regarding a vulnerability that could threaten users’ seed phrases. It was discovered that this occurred due to a phishing attack, during which attackers compromised a third-party moderator’s account to post malicious content. Ledger representatives reported that the issue was resolved within an hour.
This is reported by Finway
On the morning of May 11, 2025, the account of one of the channel moderators in Ledger’s Discord messenger was compromised. An announcement was published claiming a supposed compromise of users’ seed phrases along with a phishing link.
Just got this security warning. Ledger’s Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site. Lessons: 1. Never give up your private key recovery phrases no matter who is doing the… — CZ BNB (@cz_binance) May 12, 2025
In a comment on his post, the Ledger team confirmed that the issue was resolved in less than an hour. According to them, the hack affected a third-party moderator’s account, which is not an employee of the company. The organization also denied information about the compromise of the channel itself and the administrators’ accounts. The hacked account was deleted, and “security measures have been strengthened,” although details were not disclosed.
The attacker, using this account, reported a supposed major vulnerability in the Ledger system and urged users to check their seed phrases through a special form, the link to which turned out to be a phishing site. Some participants in the Ledger Discord channel stated that the attacker blocked their accounts and deleted comments urging others not to visit the suspicious site.
Changpeng Zhao, former CEO of Binance, emphasized that two important lessons can be learned from this incident: the first is to never share your seed phrase, even if asked by someone claiming to be an official service provider; the second is that accounts of major players in the crypto space on social media and messaging platforms often become targets for security attacks.
At the time of writing, the number of victims of this phishing attack and the extent of the damage caused remain unknown. In response to a question from one user about compensation for the victims of this incident, Ledger representatives did not provide an answer. It was previously reported that some Ledger clients, whose addresses were exposed due to a data leak, received physical letters, allegedly from the company, which also turned out to be fraudulent.