Ledger, a leading cryptocurrency hardware storage company, recently faced a security breach when a hacker gained unauthorized access to a moderator’s account on its official Discord server. The attacker used this access to spread phishing links, putting users’ sensitive information at risk.
The breach was quickly identified and contained by Ledger’s team. Quintin Boatwright, a Ledger team member, confirmed that the compromised moderator account was removed, the malicious bot was deleted, and the phishing website was reported. Ledger also took additional measures to strengthen its Discord server security, including new permission restrictions and control mechanisms.
Phishing Scam Details
The attacker used the compromised account to invite community members to enter their seed phrase on an external website. Users who tried to warn others about the scam were muted or kicked out of the channel. This incident is part of a larger phishing campaign targeting Ledger users. Some users received physical letters that appeared to be official communications from Ledger, asking them to verify their devices on a fraudulent website.
- Users were directed to a fake website where they were asked to enter their recovery phrase.
- Those who did so lost access to their assets.
- The data used for this operation likely came from a 2020 Ledger database leak.
Ledger has reiterated that it never asks users to share their seed phrase through any channel, including messaging platforms. The company warned users never to enter their recovery phrase or connect their wallet via a link on Discord.
Aftermath and Community Reaction
The Ledger community has received the company’s actions with caution. The repeated scams highlight the need for more robust verification and monitoring mechanisms on official channels. The incident emphasizes the importance of user education on security best practices within the crypto ecosystem, particularly for those relying on hardware storage solutions like Ledger.
Ledger’s quick response to the breach has helped minimize the damage. The phishing website used in the attack appears to have been taken down, reducing the potential harm.