Late Saturday night, Ledger users saw a suspicious announcement on the company’s Discord server, followed by a statement that Ledger had regained control of the server after an account compromise. The incident was quickly contained and the moderator account was deactivated. Amid a rise in phishing attacks targeting customers, the company is stepping up its security measures.
More on the Ledger Discord Moderator Account Breach
Earlier tonight, numerous posts began appearing on X about a suspicious announcement on the Ledger Discord server. The situation was particularly dangerous because the announcement came from a server moderator, and it was first flagged by those who had read the user agreement and were familiar with how Ledger products and services actually work.
Many users began sharing screenshots along with posts like:
“I think Ledger Discord has been hacked and this announcement is fake (link blurred out). Be careful. Never enter your seed phrase anywhere no matter what anyone tells you.”
— Shuri2060 (@Shuri2060_defi) May 11, 2025
This was far from the only such post circulating on X. The announcement looked suspicious for several reasons — most notably because it contained links to external sites and, critically, asked users to enter their seed phrase, which is never required for any action other than logging in or recovering an account.
And the users were right: later on, a new announcement was posted to the server, in which Ledger representative Quintin Boatwright stated that the incident had been quickly contained. The malicious bot was removed, the compromised account was taken down, the phishing site was reported, and all server permissions were reviewed. He also confirmed that a permissions audit had been conducted to prevent a similar scenario in the future. Importantly, he reiterated that Ledger never asks for a seed phrase – especially not via Discord or third-party websites.
Conclusion
Once again, this serves as a reminder that attackers increasingly rely on indirect methods of compromise, since blockchain-based systems are inherently difficult to breach directly. These methods may involve the compromise of third-party services and integrations, as seen with Atomic and Exodus wallets recently, or simply classic social engineering, which exploits the fact that the weakest point in any system is often a human, especially one who isn’t paying close attention.