Ledger regains control of Discord after hackers hijack moderator account

Hardware wallet manufacturer Ledger has successfully regained control of its Discord server after a hacker compromised an account, leading to a brief but alarming security breach.

The breach triggered alarm among community members, raising fears over the safety of their crypto assets.

Ledger team member Quintin Boatwright said that one of their contracted moderators had their account compromised, which allowed a malicious bot to post scam links in one of the channels.

The hacker then prompted users to a secondary website and type in their recovery phrase, a private code that gives users complete access to their crypto wallets.

Individuals who attempted to caution others in the chat were either muted or banned. The attacker employed computer bots to overwhelm these users and prevent them from speaking out against the scam enough to prevent its rapid spread.

The Ledger team moved fast. They uninstalled the bot, deactivated the account, flagged the reported scam website, and audited all permissions. This helped cut the losses before the fallout could spread.

Ledger responds swiftly to security breach

After the server was regained, the Ledger was set to work on increasing security.

Boatwright said that additional safeguards had been put in place to ensure that that couldn’t happen again. He also called attention to a fundamental rule for the community: never enter a recovery phrase or connect a wallet through any links shared on Discord.

The phony website had already been removed by Sunday morning. But the harm could not be entirely assessed immediately.

This is not the first time scammers have attempted to deceive Ledger users. Some Ledger customers were recently targeted in a separate scam, receiving physical letters that directed them to a site where they could “verify” their device by entering their seed phrase. The letters bore Ledger’s official logo, and the information may have been gleaned from a prior hack of Ledger’s database in 2020.

Industry leaders tighten crypto security in response to threats

The Ledger Discord hack is the latest escalation in phishing attacks against the crypto industry. In 2024, phishing scams caused more than $1 billion in losses across nearly 300 events, making it the most expensive attack vector in the industry.

One of the deadliest thefts in 2025, cryptocurrency firm Bybit said hackers stole $1.5bn (£1.1bn) worth of digital currency in what could be the biggest crypto theft in history. In January 2025, over 9,200 individuals were defrauded of $10.25 million in an elaborate phishing campaign against Ethereum users.

To counter these threats, the crypto industry is upping its security game. Platforms are deploying multi-factor authentication, making user education on cybersecurity risks and best practices part of their priority to limit phishing attempts. Security allies and white-hat hacker collectives have also organized to pool information and collaborate on responding to new threats.

Nationally and internationally, worries about politically motivated cyberattacks have mounted. North Korea’s Lazarus Group has been connected to several high-profile crypto thefts, such as July 2024’s $234.9 million hack of India exchange WazirX. 

According to people familiar with the plans, G7 leaders may discuss North Korea’s malicious cyber activities and crypto hacks at a summit in Canada next month, reflecting mounting global concerns over Pyongyang’s growing online thefts.

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More