Information about a vulnerability that could affect users’ seed phrases appeared in the Ledger Discord channel. This announcement turned out to be part of a phishing attack, during which attackers hacked a third-party moderator’s account and posted malicious content. Ledger confirmed that the issue was resolved within an hour.
This is reported by Business • Media
On the morning of May 11, 2025, the account of one of the channel moderators in Ledger’s Discord messenger was hacked, and a message was published claiming a supposed compromise of users’ seed phrases, which contained a phishing link. This incident was noted by former Binance CEO Changpeng Zhao, who tweeted:
Just got this security warning. Ledger’s Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site. Lessons: 1. Never give up your private key recovery phrases no matter who is doing the… — CZ BNB (@cz_binance) May 12, 2025
In a comment on his post, the Ledger team noted that the issue was resolved in less than an hour. According to the company, the hacked account belonged to a third-party moderator who is not an employee of Ledger. The organization also denied information about the compromise of the channel itself and the administrators’ accounts. The hacked account was deleted, and security was enhanced, although details remain unknown.
The attacker, using the hacked account, reported a supposed major vulnerability in the Ledger system and urged users to check their seed phrases through the phishing link. Some participants in the Ledger Discord channel noted that the attacker blocked their accounts and deleted comments warning against visiting the suspicious site.
Zhao emphasized two important lessons from this incident: never share your seed phrase, even if the request comes from a supposedly official service provider, and respond to potential security threats in the accounts of major players in the crypto sphere.
At the time of writing, it is unknown how many users were affected by this phishing attack and what damages were incurred. When one user asked about possible compensation for the victims of this incident, Ledger did not provide any response. It was previously reported that some Ledger clients, whose addresses were revealed during a data leak, received physical letters from a supposed company, which also turned out to be a fraudulent scheme.