Crypto {hardware} pockets supplier Ledger has confirmed its Discord server is safe following a focused phishing assault on Could 11.
The breach occurred after an attacker gained entry to the account of a contracted neighborhood moderator. Utilizing that entry, the attacker deployed a bot that posted rip-off hyperlinks designed to trick customers into revealing their 24-word restoration phrases.
The fraudulent message claimed a vulnerability had uncovered delicate consumer knowledge together with delivery particulars and transaction histories linked to restoration phrases. It urged customers to confirm their seed phrases by visiting a faux web site, falsely described as an official Ledger web page.
An attacker hacked into the account of a neighborhood administrator of the {hardware} pockets firm Ledger, impersonated the official to problem a false safety vulnerability warning, and induced customers to click on on phishing hyperlinks to submit their seed phrases, thereby stealing property.…
— Wu Blockchain (@WuBlockchain) Could 12, 2025
Mod Account Eliminated, Bot Deleted as Ledger Responds to Discord Assault
Based on Ledger workforce member Quintin Boatwright, the breach was shortly contained. Particularly, the compromised moderator account was eliminated, the malicious bot was deleted, the phishing web site was reported and inside permissions had been reviewed and secured. As Boatwright defined, the difficulty was resolved promptly and gave the impression to be an remoted incident.
Nevertheless, some neighborhood members raised issues about how the assault was dealt with. They alleged that the attacker used moderator privileges to ban or mute customers who tried to report the rip-off. In consequence, Ledger’s response might have been delayed. Nonetheless, no confirmed consumer losses have been reported up to now.
Faux Letters and Malware Gadgets Present Persistent Threats to Ledger Customers
The incident is a part of a broader sample of scams focusing on Ledger’s consumer base. In April, scammers despatched faux bodily letters to {hardware} pockets homeowners. These letters requested customers to scan QR codes and enter their restoration phrases on spoofed web sites.
The messages used Ledger’s branding and referenced buyer knowledge leaked in a 2020 breach. That breach uncovered names, cellphone numbers and addresses of over 270,000 customers.
Beforehand, the corporate additionally handled instances the place customers obtained tampered Ledger units. These units had been modified to put in malware when used.
In response, Ledger has strengthened entry controls on its Discord server. It has additionally reminded customers that they are going to by no means be requested to share their restoration phrases.
The corporate continues to watch for suspicious exercise and encourages customers to report any uncommon conduct by way of official help channels.
The publish Ledger Recovers Discord Server After Phishing Rip-off Hits Moderator appeared first on Cryptonews.