On Monday, a phishing scam hit the Ledger Discord server, and it wasn’t your average fake link. The attacker used a compromised admin account to drop a fake security alert, warning users of a so-called vulnerability in Ledger’s system. The message claimed that shipping details, transaction history, and even 24-word recovery phrases may have been exposed.

Just got this security warning.

Ledger's Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site.

Lessons:

1. Never give up your private key recovery phrases no matter who is doing the…

— CZ 🔶 BNB (@cz_binance) May 12, 2025

“Ledger’s Discord admin account was hacked,” CZ wrote on X. “The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site.”

The fake post even linked to a shady-looking site disguised as a “verification portal,” promising to check if users were affected and offer compensation. Of course, the real goal was to steal their wallet recovery phrases.

Ledger later confirmed that their internal systems are fine. What actually happened was a classic social engineering move. A contractor’s account got compromised, and the attacker used it to sound like an official voice from the Ledger team.

The post looked legit. It had the usual “your security is our top priority” language and asked users to connect wallets and verify their phrases. But the website link? Fake. The vulnerability? Non-existent.