Just got this security warning.
Ledger's Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site.
Lessons:
1. Never give up your private key recovery phrases no matter who is doing the asking.
2. Social network accounts for a crypto company are often the weakest links.
Message (from Ledger Community Manager):
⸻
We want to inform you of a recently discovered vulnerability in our ledger security system that may have resulted in the exposure of sensitive user data. The potentially affected user data may include:
• Shipping details
• 24-word recovery phrases
• Transaction data linked to recovery phrases
Your security is our top priority.
We strongly urge all users to verify the integrity of their recovery phrases by following the steps below:
1. Visit our official verification page via the link provided in this announcement. fakeverify-ledger.appchanged/
🔎
2. Connect your wallet by following the on-screen instructions.
3. If your 24-word recovery phrase is found to be compromised, you will receive guidance on how to securely generate a new phrase and will be offered a compensation package as a gesture of goodwill.
Thank you for your attention and cooperation.
— The Ledger Team Member