Ledger secures Discord after hacker bot tried to steal seed phrases

Hardware wallet provider Ledger has confirmed its Discord server is secure again after an attacker compromised a moderator’s account to post scam links on May 11 to trick users into revealing their seed phrases on a third-party website.

“One of our contracted moderators had their account compromised, which allowed a malicious bot to post scam links in one channel,” Ledger team member Quintin Boatwrightwroteon the Ledger Discord server.

Some members in Ledger’s Discord channelclaimedthe attacker abused moderator privileges to ban and mute them as they tried to report the breach, possibly slowing Ledger’s reaction.

Boatwright said the security breach was an isolated incident and that Ledger has taken additional measures to strengthen its security on Discord, a chat platform many crypto projects use to share protocol developments and engage with their community.

Using the compromised Ledger community manager account, the hacker told Ledger Discord members that there was a recently discovered vulnerability in the firm’s security systems and strongly urged all users to verify theirrecovery phraseswith a scam link,accordingto several screenshots shared on X.

Ledger users were asked to connect their wallets and follow on-screen instructions.

It isn’t clear whether anyone was affected by the security breach. Cointelegraph has reached out to Ledger for comment.

Ledger scammers were sending physical letters last month

In April, scammers weremailing physical letters to ownersof Ledger hardware wallets, asking them to validate their private seed phrases in a bid to access and empty the wallets.

The letter used Ledger’s logo, business address and a reference number to feign legitimacy and asked users to scan a QR code and enter the wallet’srecovery phrase.

One Ledger user who received the letter speculated whether scammers were sending letters to Ledger customers whose data was leaked in July 2020.

Related:Jameson Lopp: Most don’t realize how easy self-custody has become

That incident saw a hackerbreach Ledger’s databaseand dump the personal information of over 270,000 of its customers online, which included names, phone numbers and home addresses.

The following year, several Ledger users claimed to have been mailedfake Ledger devicesthat were tampered with and designed to install malware upon use, Bleeping Computerreportedat the time.

Magazine:ChatGPT a ‘schizophrenia-seeking missile,’ AI scientists prep for 50% deaths

Explore more articles like this

Subscribe to the Markets Outlook newsletter

Get critical insights to spot investment opportunities, mitigate risks, and refine your trading strategies. Delivered every Monday

By subscribing, you agree to ourTerms of Services and Privacy Policy