Never enter your recovery phrase online; it’s a scam.
CZ reminds users that social platforms are frequent attack vectors.
Ledger acted fast, securing its Discord server and alerting users.
On May 11, the trusted hardware wallet provider Ledger confirmed a security breach involving its official Discord server. One hacker was able to gain access to a moderator’s account and used it to post a phishing message in a channel on one of the servers. The message pretended to warn users about a new Ledger wallet vulnerability and asked them to check their recovery phrases by visiting an imitation website.
The attacker crafted the message to appear legitimate, taking advantage of the trust users place in community moderators. The link, however, was part of a classic phishing scam. Any user who entered their seed phrase on the spoofed website unknowingly gave attackers full access to their wallet, putting their entire crypto portfolio at immediate risk.
CZ and Community Raise Red Flags
Former Binance CEO Changpeng Zhao (CZ) quickly addressed the incident, warning users via social media. CZ emphasized that seed phrases should never be shared, even in urgent-sounding messages that appear official. He also pointed out that social platforms like Discord remain weak links in the digital asset security chain.
Adding to the complication, a few community members attempted to warn others of the scam in real-time. Inadvertently, some users stated they were being muted or banned for attempting to report the phishing effort. That pause in action kept the scam message active for a longer duration, putting other unaware users at higher risk.
Ledger Reacts and Bolsters Security
In a formal release, Ledger explained that the Discord server was not directly hacked. Rather, the account of a third-party contractor moderator was temporarily compromised. The company responded quickly, revoking the access, deleting the scam link, and reporting the phishing site within an hour.
Ledger enforced a fundamental rule: it will never request recovery phrases from users, particularly via social media. The episode highlights the need to confirm communications through official channels alone and to remain ever-vigilant in the constantly changing crypto environment.
