Ledger regains control of Discord after hackers hijack moderator account

[rdluffy]

Now what's worrying is the possibility of someone hacking into an official X or Discord account and putting a fake link to download a fake wallet
Then they could cause major damage because not everyone checks the software they download

Not really, it is the same thing. Does the software provider usually post links to download wallets like this? If not, then something is probably wrong. The more dangerous attack is a silent compromise of the usual method of delivery, like the download page of the ledger website.

I'll give you an example of how dangerous it can be for someone to take over an X or Discord account
Generally, companies do post official links, and many people, myself included, use official sources to enter a site
Obviously I check more than one source so there's no mistake

Look at Ledger's X profile, imagine someone steals the account for a few hours and changes the official site

Code:

shop.ledger.com

 to

Code:

shop.Iedger.com

Or something similar, it's not easy to note the difference in the browser, sometimes it's easy to make a mess with I L l i etc

[Moreno233]

This scam is not new but it happened again.

Ledger discord server was compromised by hacker. Some users tried to caution people about it being a scam, but the hackers makes them not to be able to that. The hackers promoted users to another website to trick users to input their seed phrase. Coins of anyone that input his or her seed phrase will be stolen by the hacker. The hacker started by compromising one of the Ledger's moderator account.

https://www.mitrade.com/insights/news/live-news/article-3-813814-20250512

People especially Ledger users should know already this type of scam. The letters or mail sent to Ledger users recently is related to this as it contains a QR code that Ledger users can scan and use to update their seed phrase. If they put their seed phrase there, their coin will be stolen by the hacker.

The scam is supposed to be easy to evade by anyone who have been following discussions in this forum because they already gave a clue that people would used to see the red flag. Anything that prompt users to input their seed phrase is definitely a red flag. Unfortunately, there are people who will fall for such cheap scam due to ignorance. Anyways, if people can fall for scam that promises to double their investment in 15 minutes, then they can fall for this one with joy.

[joniboini]

The scam is supposed to be easy to evade by anyone who have been following discussions in this forum because they already gave a clue that people would used to see the red flag. Anything that prompt users to input their seed phrase is definitely a red flag.

I'm pretty sure most wallets already notify their users that they won't ask for their seed phrase when they're creating a new wallet or other channels. Similar messages usually get posted regularly on their social media, too. Even if hackers hack those accounts, they don't change those messages, which is quite weird. I guess they don't want people to notice they're doing it early.

Basically, people don't have to be necessarily active on this forum to know that red flag. But yeah, some people still fall for tricks like this, so hopefully they'll learn from reading this thread, news, or other media. CMIIW.

[ThemePen]

It is worrying that this kind of trick is happening again especially to people who use Ledger to keep their cryptocurrency safe. Ways these hackers work like taking over accounts to stop people from warning others and using fake websites to steal secret recovery phrases are quite clever and scary. They are using QR codes in emails to scam people into giving away their secret words. This shows that everyone needs to be very careful all time. You are right people who use Ledger and anyone who deals with crypto must be very suspicious of any messages that ask for their secret phrase or tell them to go to unknown websites. This is just strong reminder that keeping our digital money safe means we need to be aware and not trust everything we see.

[Outhue]

Are there people that still fall for this scam again? There are too many gullible people in crypto space, they are here to make money and they leave their brains behind in their closest.

Before using a crypto wallet you are told everything you needed to know, and that includes not giving out your seed phrases even if the person or company asking is the same people that build your crypto wallet or hardware.

It's 2025, and people still don't know that any social media account can be hijacked or hacked? There js always a purpose for hackers to steal people's social media account, it's for attacks like this to work on gullible people.

Sorry but not sorry that people fall victim to such stupid thing, and again after several similar attacks online?

[Altryist]

It is worrying that this kind of trick is happening again especially to people who use Ledger to keep their cryptocurrency safe. Ways these hackers work like taking over accounts to stop people from warning others and using fake websites to steal secret recovery phrases are quite clever and scary. They are using QR codes in emails to scam people into giving away their secret words. This shows that everyone needs to be very careful all time. You are right people who use Ledger and anyone who deals with crypto must be very suspicious of any messages that ask for their secret phrase or tell them to go to unknown websites. This is just strong reminder that keeping our digital money safe means we need to be aware and not trust everything we see.

Lately, I’ve been seeing a lot of news regarding Ledger, where scammers are trying to get hold of users’ seed phrases. Not long ago, there were people get mails claiming that in order to keep their funds safe, users needed to provide their seed phrases. The same applies to the recent hacker attack on Discord it all comes down to scammers trying to steal people’s phrases.

That’s why it’s important to learn rule number one: never, under any circumstances, share your seed phrase with anyone. I believe not everyone fully understands this. There are many users who don’t spend time on forums and don’t have the opportunity to communicate with like-minded people, and I think those people are easier targets for scammers.

[Peanutswar]

Before ive been experience this kind of attack during the NFT era which is one of the project I've joined with is it shows that they launch a new kind of website and you need to connect your wallet and others makes an immediately update to connect their account just to claim the rewards afterwards they did notice by the other staffs that the other member or the discord is getting attacked by the hacker and some of the affected accounts already drained the wallet they have the same with the discord reason why people now leave with the project I thought its already ended but seems still they are doing this kind of attack with a low security servers.

[Polkeins]

Are there people that still fall for this scam again? There are too many gullible people in crypto space, they are here to make money and they leave their brains behind in their closest.

Before using a crypto wallet you are told everything you needed to know, and that includes not giving out your seed phrases even if the person or company asking is the same people that build your crypto wallet or hardware.

It's 2025, and people still don't know that any social media account can be hijacked or hacked? There js always a purpose for hackers to steal people's social media account, it's for attacks like this to work on gullible people.

Sorry but not sorry that people fall victim to such stupid thing, and again after several similar attacks online?

I think we can't blame users cause this is wrong. After all it was the official account of a company that develops cold cryptocurrency wallets and their discord was hacked and most people logically assume that Ledgerhas several levels of security, just to avoid such cases.
Although there was never any information anywhere that someone lost cryptocurrency because of Ledger mistake directly, but the latest news is alarming, first there was a hack leaked personal data of users who bought Ledger, now there is a hack of the account in Discord and all this does not add confidence in the company ledger and safety of cryptocurrencies in their hardware crypto wallets.

[The Sceptical Chymist]

I swear for years I thought I was immune to these idiotic phishing e-mails, but apparently that imagined immunity has worn off, because I got this sent to an e-mail account that I don't think I ever provided to Ledger:



And boy, do they ever want the seed to my piece of gonorrhea dogshit Ledger device that is now in a landfill where it belongs:



Ledger can suck it, and so can these scammers.

[SFR10]

I got this sent to an e-mail account that I don't think I ever provided to Ledger:

Have you checked "HaveIBeenPwned" to see if your email address has been part of other data breaches? I remember reading about other users in the past who received similar emails despite not having any Ledger products ^{[scammers tend to do such things in the hopes that it'd reach their targeted audience]}.

[Lucius]

As long as the integrity of their wallet is safe, i'm fine. Social engineering scams will always work to some degree, and no one is trully safe, not even experienced mods.
Scammers are tricky, and sooner or later they will find a "trap" that people will fall for. Be vigilant and assume every message is a scam attempt, even from your mother

Some would disagree with the fact that it is safe - because if their firmware has the ability to share seeds with remote servers, I wonder how anyone can feel safe using their devices? As a company, they have made huge money from their products, but since their fame went to their heads, they have only had scandal after scandal.

~snip~
Ledger can suck it, and so can these scammers.

You're right, you're sending them the right message - I didn't throw my devices in the trash, I just use them as possible bait if I ever need them (I hope not). Imagine a situation where thieves force me to hand over my cryptocurrencies, and after a little "persuasion" I give them my old Ledger, and then one of them says "are you still using that junk?"

[The Sceptical Chymist]

Have you checked "HaveIBeenPwned" to see if your email address has been part of other data breaches? I remember reading about other users in the past who received similar emails despite not having any Ledger products ^{[scammers tend to do such things in the hopes that it'd reach their targeted audience]}.

I have indeed checked that site, though it was a while ago and I'm not sure I checked the e-mail address that these phishing attempts were sent to--so thank you for reminding me of its existence.  I'm going to bookmark it and I'll probably research every single e-mail account I've ever used.

~snip~
Ledger can suck it, and so can these scammers.

You're right, you're sending them the right message - I didn't throw my devices in the trash, I just use them as possible bait if I ever need them (I hope not). Imagine a situation where thieves force me to hand over my cryptocurrencies, and after a little "persuasion" I give them my old Ledger, and then one of them says "are you still using that junk?"

Good idea, though in my case I don't think anyone would come looking for a huge crypto stash to steal from me.  If they did, they'd be sorely disappointed whether I used a decoy or not.  Lol.

[Cricktor]

I wonder why those Ledger clowns can't secure their important accounts. Any important account should be secured with 2FA and/or passkeys to make login details phishing ineffective and account compromise nearly impossible. This is so basic account security 101 that I'm puzzled it's still possible. Can we assume Ledger clowns don't give a shit on basic security?

The sad part of this is that those who fall for this crap really don't know how BIP-39 and HD wallets work. Let's dissect this bullshit a bit.

...including recovery phrase configurations.

Why would Ledger has your recovery phrase, unless you were stupid enough to subscribe to their infamous Recovery subscription service?

While your device remains secure, unauthorized access to your seed phrase could compromise your funds.

Yeah, sure, you have to believe their words that their devices are secure. You really believe anything from those clowns? The rest of the sentence is obviously true, and that's exactly what is going to happen if you proceed with the provided link and instructions.

Any HD wallet user has to know: never expose your mnemonic recovery details to any online website. NEVER EVER! If you're asked to do so, it's a scam.

We strongly urge you to verify your recovery phrase immediately.

Why is that needed now? Any HD wallet user should've done the verification of a successful wallet recovery after the initial setup of the wallet. After you verified successful recovery nothing will and can change regarding your recovery details. The smallest change of your recovery words or optional mnemonic passphrase yields a completely different and empty wallet.

The rest of the depicted instructions should ring so many alarm bells, but unfortunately that's apparently not the case for everyone. Securing your wallet and your private keys comes with responsibility. If you don't acknowledge this and act accordingly, your coins and you will part, sooner or later.

[NotATether]

At this point it might even seem wiser to use an old phone as a hardware wallet - one that has a secure element at least - than to go through the perils of giving your home address to these leaky hardware wallet vendors and wondering if the customer support you are trying to contact is really genuine.

The concept is good, but the logistics are some of the worst I have ever seen in terms of security.

[dkbit98]

At this point it might even seem wiser to use an old phone as a hardware wallet - one that has a secure element at least - than to go through the perils of giving your home address to these leaky hardware wallet vendors and wondering if the customer support you are trying to contact is really genuine.

It depends what type of old phone you are using and how are you using it, both have pros and cons.
I am never going to support ledger, tangem or any other closed source devices that leaked something in past.
Maybe best alternative that is not expensive is to buy blank compatible javacards and load Satochip (or Keycard) open source code in them.
Than later you can add Keycard Shell or make your own DIY card reader with screen.

[The Sceptical Chymist]

Have you checked "HaveIBeenPwned" <snip>

Well now, I just have to laugh.  I checked one of my addresses and it was compromised right here on bitcointalk two months after I registered.  Gotta love it.

But all that's off-topic.  On the same e-mail address I took the screenshots from in my last post, I keep getting those dumb ass phishing attempts; I checked the most recent and it differs from the one I showed earlier by just a bit and the sender's address is different every time.  I can definitely see how something like this might cause panic in a newbie's body, but if you know how the basics work and read the messages closely, it's fucking laughable.






That "noreply@useinsider.com" address almost looks like this is the work of an amateur who's run out of e-mail domains.

[dumpsterhawk]

Now what's worrying is the possibility of someone hacking into an official X or Discord account and putting a fake link to download a fake wallet
Then they could cause major damage because not everyone checks the software they download

Not really, it is the same thing. Does the software provider usually post links to download wallets like this? If not, then something is probably wrong. The more dangerous attack is a silent compromise of the usual method of delivery, like the download page of the ledger website.

I'll give you an example of how dangerous it can be for someone to take over an X or Discord account
Generally, companies do post official links, and many people, myself included, use official sources to enter a site
Obviously I check more than one source so there's no mistake

Look at Ledger's X profile, imagine someone steals the account for a few hours and changes the official site

Code:

shop.ledger.com

 to

Code:

shop.Iedger.com

Or something similar, it's not easy to note the difference in the browser, sometimes it's easy to make a mess with I L l i etc

That is where the mistake lies. You are not supposed to click these links, but go to their website using your own bookmarks after there has been an announcement. A simple check of the official website will reveal whether something is going or not. As I said, silent compromise is much worse. In this case even a saved bookmark of the real website will not help you and it requires additional research and verification of the information. This is more than most people are capable of.