Hardware wallet manufacturer Ledger, has reestablished secure operations on its Discord server following an incident where a hacker attempted to extract seed phrases by exploiting a compromised moderator account. This incident occurred on May 11th, with the attacker utilizing the breached account to disseminate scam links, tricking users into unveiling their seed phrases on a third-party site.
“A moderator under contract had their account hacked, which enabled a malicious bot to post scam links in one of our channels,” Ledger associate, Quintin Boatwright, shared on the Ledger Discord server. “The issue was swiftly addressed: the breached account was deleted, the bot was eliminated, the website was reported, and all requisite permissions were scrutinized and safeguarded.”
Some members of Ledger’s Discord channel reported that the attacker, exploiting moderator privileges, banned and silenced them when they tried to report the breach. This may have delayed Ledger’s response. However, Boatwright reassured that this security breach was a singular occurrence and that Ledger has implemented additional measures to fortify its Discord server security.
Using the compromised Ledger community manager account, the hacker informed Ledger Discord members of a recently discovered flaw in the company’s security systems. He then strongly encouraged all users to validate their recovery phrases using a fraudulent link. Screenshots of this activity were shared on X. Ledger users were instructed to connect their wallets and follow the instructions provided on-screen. The impact of this security breach remains unclear.
In a related event last month, scammers sent physical letters to Ledger hardware wallet owners, requesting them to authenticate their private seed phrases in an attempt to gain access and drain the wallets. These letters, bearing the Ledger logo, business address, and a reference number, were intended to appear legitimate and instructed users to scan a QR code and input their wallet’s recovery phrase.
Following a data leak in July 2020, where a hacker breached Ledger’s database exposing the personal information of over 270,000 customers, there were speculations that the scammers might be targeting the affected Ledger customers. The leaked data included names, phone numbers, and residential addresses. The subsequent year, several Ledger users reported receiving tampered Ledger devices in the mail that were designed to install malware upon usage.
