- CZ alerts users after a phishing scam targeted Ledger’s Discord community.
- Ledger confirms a contractor moderator’s account was compromised, not the platform itself.
- CZ reminds users never to share recovery phrases, no matter who’s asking.
Binance founder Changpeng Zhao (CZ) has warned crypto users after a phishing scam targeted Ledger’s Discord community. The phishing attack involved a compromised contractor’s account and, importantly, did not result from a breach of Ledger’s systems.
Ledger has since confirmed the message was fake and part of a sophisticated social engineering attack, a common crypto phishing attack vector.
Fake Vulnerability Alert Used in Ledger Discord Phishing Attempt
The phishing attempt involved a fraudulent message posted on Ledger’s Discord server. It falsely claimed there had been a critical vulnerability in Ledger’s security systems that may have exposed user data. This includes 24-word recovery phrases, shipping details, and transaction history.
Related: Binance’s CZ Criticizes Safe’s Bybit Hack Report as ZenGo Expands TRX Wallet Features
The fake message directed users to a phishing website disguised as a verification portal. Victims were urged to connect their wallets and enter their recovery phrases under the pretense of verifying their security status and receiving compensation for the supposed breach.
CZ Warns: Social Media is a Major Crypto Security Risk
Sharing the details of the fake announcement, CZ reminded users to stay vigilant, especially when interacting on social media.
“Never give up your private key recovery phrases, no matter who is doing the asking,” CZ said on X. Zhao stressed that social network accounts for a crypto company are often their weakest links.
The statement highlights ongoing concerns in the crypto community about the susceptibility of social platforms to impersonation and other forms of social engineering.
Ledger Confirms No System Breach, Attack Contained Quickly
In response to CZ’s post, Ledger clarified that its core systems and administrative Discord accounts were not compromised. The company stated that a third party accessed a contractor moderator’s account, using it to post the phishing message in one Discord channel.
According to Ledger, the issue was detected and resolved in less than an hour. The compromised account was removed, the phishing site was reported, and all permissions were reviewed and secured. The company also reinforced its Discord security policies following the incident.
Related: Ledger Pushes Update as Wallet Users Targeted in Sophisticated Attack
Ledger reminded users that it will never request recovery phrases through Discord, email, or any third-party service. All official announcements and updates should only be accessed via Ledger.com or its verified X account.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
