Ledger Discord Server Compromised, Phishing Links Shared Amid Security Breach

Ledger, a leading hardware wallet provider, recently faced a significant security breach on its Discord server. The breach involved the compromised account of an external moderator, which was used to disseminate phishing links. According to Ledger's official statement, the server's security has since been restored.

Quentin Bottright, a Ledger representative, explained on May 11 (local time) that the breach occurred through the hacked account of an externally contracted administrator. This allowed a malicious bot to post phishing links in specific channels on the Discord server. Bottright assured, "The issue was promptly addressed," noting that the compromised account was removed, and the malicious bot fully deleted. He added, "The problematic website has been reported, and all relevant permissions have been reviewed and secured."

Users Report Delayed Response Due to Admin Exploitation

Some users claimed that the hacker exploited administrative privileges to ban or mute members reporting the phishing links. These actions may have delayed Ledger's initial response to the incident, according to user reports.

Bottright emphasized that the breach was an isolated incident and assured that additional measures are now in place to enhance Discord's security. Ledger has issued a statement urging users not to input recovery phrases (seed phrases) or connect their wallets via links shared on Discord.

Hacker's Sophisticated Social Engineering Attack

Utilizing the compromised administrator account, the attacker falsely claimed a new security vulnerability in Ledger’s system. They urged users to verify their recovery phrases through a phishing link, pretending to address this supposed vulnerability. Multiple screenshots shared on X (formerly Twitter) revealed that users were directed to connect their wallets through the phishing link and follow on-screen instructions.

A user on X, @ecurrencyhodler, highlighted the incident and shared screenshots of the phishing attack:
"Hey @Ledger, a community mod’s account has been compromised and is currently social engineering an attack on your Discord channel."
pic.twitter.com/nsFdYZ8izD
— ecurrencyhodler (@ecurrencyhodler) May 11, 2025

Scope of Damage Yet to Be Determined

As of now, there are no confirmed reports of financial losses or affected victims resulting from this phishing attack. Blockchain-specialized outlet Cointelegraph has reached out to Ledger for further comments regarding the incident.

History of Phishing Attempts Targeting Ledger Users

This is not the first time Ledger users have been targeted by phishing schemes. In April, hackers sent physical mail to Ledger hardware wallet owners, instructing them to verify their recovery phrases. These fraudulent letters mimicked official Ledger correspondence, using Ledger's logo, business address, and reference numbers to appear legitimate. The letters included QR codes redirecting users to phishing sites designed to steal wallet recovery phrases.

Ledger consistently advises users to exercise caution and reiterates that recovery phrases should never be shared, especially through unofficial platforms or unverified links.