Crypto Users Targeted in Shocking Ledger Scam

CZ reveals Ledger Discord hack used to steal user recovery phrases through a fake security alert and phishing website.

Fridah Kangai
May 13, 2025
12:36 am

Fridah Kangai

Fridah Kangai is a dedicated crypto journalist with a sharp eye for market trends, blockchain innovation, and digital asset movements. She specializes in breaking down complex topics into clear, engaging stories for both seasoned investors and curious newcomers. With a passion for decentralization and a pulse on the ever-evolving crypto space, Fridah delivers timely, accurate, and insightful coverage. Her work bridges the gap between technology and everyday understanding in the world of cryptocurrency.

Ledger’s Discord admin account was hacked and used to spread a phishing scam targeting wallet users.
CZ warned the crypto community to never share recovery phrases, even when messages appear official.
The fake alert used urgent language and a cloned website to trick users into handing over their wallet access.

The crypto community gasped in shock after a huge wake-up call by Changpeng Zhao saw an evil scam targeting Ledger users. The alert revealed the case of how the Discord admin account of Ledger, one popular hardware wallet provider, got hijacked and used to carry out a phishing campaign.

According to CZ, the attacker phished as though he was a Ledger staff member and broadcasted a fake warning claiming a critical security flaw. According to the false message, this vulnerability was alleged to have potentially compromised sensitive user data (such as 24-word recovery phrases).

Just got this security warning.

Ledger's Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site.

Lessons:
1. Never give up your private key recovery phrases no matter who is doing the…
— CZ 🔶 BNB (@cz_binance) May 12, 2025

Victims were then taken to a fake site pretending to be an official Ledger verification portal. Users were informed to add their wallets and bring in recovery phrases for account safety confirmation. Anyone taking these steps risks losing control over the scammer’s assets.

The message was written using urgent and persuasive language and generated panic, further boosting the user’s compliance. It even talked about compensation and support for the trust and legitimacy of the affected users.

CZ posted the details about X and recommended that users never share their secret recovery phrases, regardless of any condition. He explained that recovery phrases are the keys to a user’s wallet but should never be public.

This latest scam spotlights a thriving problem in the crypto market: the exploitation of trusted social media accounts. When cybercriminals get in, they exploit the platform’s credibility to propagate fake updates and deceive users.

Zhao observed that many companies tend to underestimate their communication platforms’ security. One corrupted account can lead to thousands of fraud victims. This type of attack is increasingly growing, especially on platforms like Discord and X.

The phishing link in this scam looked very similar to that of a Ledger official domain, making it difficult for users to identify fraud in good time. The attacker exploited Ledger’s reputation and format to gain trust quickly and trick the community.

The Ledger scam is a significant warning to the world’s crypto users. Always authenticate alerts on official company sites – never share recovery phrases on the internet/web. Always being aware and vigilant is still the best protection from increasing dangers in the crypto world.

Also Read: Trump’s Shocking China Deal Triggers Massive Bitcoin Surge and Altcoin Boom