Hardware wallet provider Ledger has confirmed its Discord server is secure again after an attacker compromised a moderator\u2019s account to post scam links on May 11 to trick users into revealing their seed phrases on a third-party website.<\/p>\n
\u201cOne of our contracted moderators had their account compromised, which allowed a malicious bot to post scam links in one channel,\u201d Ledger team member Quintin Boatwright wrote<\/a> on the Ledger Discord server.\u00a0<\/p>\n \u201cThe issue was quickly contained: the compromised account was removed, the bot was deleted, the website was reported, and all relevant permissions were reviewed and secured.\u201d<\/p>\n Some members in Ledger\u2019s Discord channel claimed<\/a> the attacker abused moderator privileges to ban and mute them as they tried to report the breach, possibly slowing Ledger\u2019s reaction.<\/p>\n Boatwright said the security breach was an isolated incident and that Ledger has taken additional measures to strengthen its security on Discord, a chat platform many crypto projects use to share protocol developments and engage with their community.\u00a0<\/p>\n Using the compromised Ledger community manager account, the hacker told Ledger Discord members that there was a recently discovered vulnerability in the firm\u2019s security systems and strongly urged all users to verify their recovery phrases<\/a> with a scam link, according <\/a>to several screenshots shared on X.\u00a0<\/p>\n Ledger users were asked to connect their wallets and follow on-screen instructions.<\/p>\n Source: <\/em>ecurrencyholder<\/em><\/a><\/p>\n It isn\u2019t clear whether anyone was affected by the security breach.\u00a0Cointelegraph has reached out to Ledger for comment. <\/p>\n In April, scammers were mailing physical letters to owners<\/a> of Ledger hardware wallets, asking them to validate their private seed phrases in a bid to access and empty the wallets.<\/p>\n The letter used Ledger\u2019s logo, business address and a reference number to feign legitimacy and asked users to scan a QR code and enter the wallet\u2019s recovery phrase.<\/a><\/p>\n One Ledger user who received the letter speculated whether scammers were sending letters to Ledger customers whose data was leaked in July 2020.<\/p>\n Related: <\/strong><\/em>Jameson Lopp: Most don\u2019t realize how easy self-custody has become<\/strong><\/em><\/a><\/p>\n That incident saw a hacker breach Ledger\u2019s database<\/a> and dump the personal information of over 270,000 of its customers online, which included names, phone numbers and home addresses.<\/p>\n The following year, several Ledger users claimed to have been mailed fake Ledger devices<\/a> that were tampered with and designed to install malware upon use, Bleeping Computer reported<\/a> at the time.<\/p>\nLedger scammers were sending physical letters last month\u00a0<\/h2>\n