Hardware wallet provider Ledger has confirmed its Discord server is secure again after an attacker compromised a moderator’s account to post scam links on May 11 to trick users into revealing their seed phrases on a third-party website.
“One of our contracted moderators had their account compromised, which allowed a malicious bot to post scam links in one channel,” Ledger team member Quintin Boatwright wrote on the Ledger Discord server.
“The issue was quickly contained: the compromised account was removed, the bot was deleted, the website was reported, and all relevant permissions were reviewed and secured.”
Some members in Ledger’s Discord channel claimed the attacker abused moderator privileges to ban and mute them as they tried to report the breach, possibly slowing Ledger’s reaction.
Boatwright said the security breach was an isolated incident and that Ledger has taken additional measures to strengthen its security