Ledger Discord Compromised via Mod Account, Users Targeted in Seed Phrase Scam

On May 11, 2025, Ledger’s official Discord server suffered a phishing attack. A hacker compromised the account of a contracted moderator and posted a fake announcement, posing as an “urgent fix” for a newly discovered vulnerability. 

The message instructed users to submit their seed phrases for a supposed “security check.” Ledger’s team swiftly regained control of the server, removed the malicious content, and announced enhanced security measures in response.

The attack originated from the compromised account of an external moderator on Ledger’s Discord server. After gaining access, the hacker deployed a malicious bot that posted a phishing message in one of the channels. 

Meanwhile, the community reacted instantly. Users who noticed the suspicious activity attempted to warn others, but the attacker, using the moderator’s permissions, muted or banned them. On X, users began sharing widespread alerts, accusing Ledger of a slow response and a lack of public communication.

One user noted this was the second incident in two years involving a breach of Ledger’s infrastructure, fueling a fresh wave of distrust toward the brand.

Ledger Responds: Removal, Block, and Warning

Ledger responded swiftly to the incident. 

• Removed the compromised moderator account
• Deactivated the malicious bot
• Blocked the phishing site linked in the fake message

You might also like: Bots in Crypto: Their Roles, Impacts, and Detection Methods

In an official statement, a Ledger representative confirmed that the company had conducted a full audit, including a review of all moderator permissions on the server. The company also reinforced its internal Discord security measures to prevent future incidents.

The issue was quickly contained: the compromised account was removed, the bot was deleted, the website was reported, and all relevant permissions were reviewed and secured.

Ledger once again urged users to never enter their seed phrase on any platform, including Discord, email, or messaging apps. Remember, your seed phrase is the key to your wallet—leak it, and you lose everything

Ledger Discord Hack Reveals Another Weak Spot in Web3 Security

The incident highlights that even industry leaders like Ledger remain exposed, particularly through external platforms and third-party personnel. The compromise of a Discord moderator served as the attack vector, targeting not technical vulnerabilities but user trust in official communication channels.

The phishing message mimicked a routine security alert, exploiting Discord’s familiarity and perceived safety as a news source for many users. This turns widely used platforms into effective tools for social engineering attacks.

More on the topic: Social Engineering in Crypto: Top 5 Fraud Schemes

Furthermore, the incident adds to a growing list of concerns. In April 2025, Ledger users were targeted with phishing emails containing QR codes and prompts to enter their seed phrases. At the time, attackers likely used data leaked in the 2020 Ledger breach.

That breach exposed the personal details of over 270,000 customers, including names, addresses, and phone numbers.

Recurring incidents like these continue to erode trust, not just in Ledger as a brand, but in the broader concept of self-custody, particularly among less experienced users. They highlight the need for tighter access control and better storage practices.

You might also like: Ledger Co-Founder Freed After Kidnapping in France