Ledger’s Discord server just got hit, and not by some small-time crook. A hacker took over a moderator’s account and started spreading phishing links like wildfire.
The target? Your precious wallet seed phrases.
Access
On the weekend, the attacker hijacked a moderator’s account and blasted out messages claiming there was a fresh vulnerability in Ledger’s system.
The scam urged users to verify their seed phrases by clicking a dodgy link.
If you fell for it, you’d be handing over the keys to your crypto vault, no questions asked.
Ledger’s own guy, Quintin Boatwright, said they jumped on it fast, kicked out the compromised mod, nuked the malicious bot, reported the scam site, and tightened security like Fort Knox.
Yeah it's super sketchy. The claim that the seed phrases were leaked seems a little far fetched. Similar to what you said, I tried inquiring further and got timed out. I'll retweet your warning. Thx
— Earthling (@SirEarthling) May 11, 2025
But it gets messier. Some people in the community say the hacker used those mod powers to ban and mute users trying to sound the alarm.
So, instead of a quick heads-up, the scam got a little runway to spread. Classic move, silence the whistleblowers, delay the response.
And screenshots of those fake warnings were all over X, making the rounds like wildfire.
Infection
Now, this isn’t Ledger’s first rodeo with scammers. Back in April, bad actors sent out physical letters to Ledger customers.
These weren’t your grandma’s spam flyers, they looked legit, branded with Ledger’s logo, and pushed users to scan QR codes and enter recovery phrases for security checks.
Many reckon these mailings tie back to a 2020 data breach where hackers leaked personal info of over 270,000 Ledger customers, names, phone numbers, addresses, every freakin’ thing.
And if that wasn’t enough, some users even reported receiving fake Ledger devices loaded with malware the following year. Talk about being targeted by pros.
Vulnerabilities
And while Ledger’s battling phishing storms, the crypto industry’s got its own drama. Ethereum’s latest Pectra upgrade brought in EIP-7702, which security experts are calling a critical vulnerability.
It lets hackers potentially take over wallets without the user’s say-so.
On the BNB Chain front, Mobius Token got drained for $2.15 million thanks to a malicious smart contract that swapped stolen tokens for stablecoins. Yeah, the bad guys are busy, no doubt.
Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.
