CZ in the Crosshairs: Binance Founder Hit with Security Alert as Ledger’s Discord Gets Breached
Another day, another crypto security scare—this time hitting industry heavyweights. Binance’s Changpeng Zhao (CZ) gets slapped with a formal security warning while Ledger’s Discord admin account gets jacked. Because nothing says ‘decentralized future’ like centralized points of failure.
First up: CZ’s security alert. Details remain scarce, but regulators are circling—because nothing gets bureaucrats harder than a billionaire in their crosshairs. Meanwhile, Ledger’s compromised Discord channel spreads malicious links like a Vegas buffet. Pro tip: If an admin DMs you about a ‘secret wallet drainer opportunity,’ maybe don’t click.
Silver lining? At least the hackers aren’t targeting your 401(k)... yet. The crypto markets barely flinch—because volatility is so 2022.
Ledger has contained the damage
As reported by Cryptopolitan earlier today, the hardware wallet provider confirmed that a moderator’s account on its Discord server was compromised but is now back in the firm’s control. The attacker had replicated the style and tone of a legitimate Ledger message, even listing steps to “secure” user wallets.
Ledger’s internal team responded by disabling the affected moderator’s account, removing the malicious bot, and conducting a full audit of server permissions. They also flagged the phishing website in question to stop users who were still unaware from accessing it.
Back in March, Ledger’s internal security unit, Donjon, revealed a vulnerability in competing wallet provider Trezor’s SAFE series. According to Donjon, the issue stems from the microcontroller used in Trezor’s devices, which remains susceptible to physical attacks.
State of phishing websites: Punycode attacks
On Sunday, a separate incident reported by blockchain security firm SlowMist saw a crypto user lose more than $20,000 due to a phishing scam involving a fake version of the ChangeNOW exchange. The incident occurred while the victim used Google Chrome to access what they believed was the real site.
The fake domain employed a tactic known as a Punycode attack, where malicious actors register domains that appear identical to legitimate ones by swapping letters with similar-looking characters from different alphabets. In this case, a Cyrillic ‘е’ replaced a Latin ‘e’, creating a site that was visually indistinguishable from the original ChangeNOW platform.
Victims, upon visiting such domains, may be coaxed into entering login credentials, downloading malware, or, in crypto-related scams, providing wallet seed phrases. Once this data is acquired, attackers gain complete control over user funds.
In 2017, PayPal users were targeted via a fake Punycode domain that impersonated the official site, stealing user credentials and siphoning funds. The hackers sent several emails to users, with one claiming that Bitcoin had been sent to their accounts from an exchange, as seen in a post on the subreddit r/CryptoCurrency.
“This email actually originated from PayPal. It passed through PayPal’s mail transfer agent (MTA) systems and, as such, was allowed in by Google’s MTA systems. Not good,” said the PayPal account holder who discovered the scam.
Between 2016 and 2018, Punycode domains were cited in a 25% increase in phishing incidents, according to a cybersecurity study. Most users are unaware of Punycode encoding and cannot easily detect these fake URLs, especially when the rest of the webpage is awfully similar to the official one in design and language.
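The character swap described above can be caught mechanically before a link is trusted. The following Python check is an added example, not code from the article or from SlowMist: it flags labels that mix scripts, shows the xn-- form that is actually resolved, and compares a lookalike-folded copy against a protected domain. The domain changenow.example, the small lookalike map and the function names are assumptions constructed for illustration.

```python
import unicodedata

# Constructed samples: SPOOF swaps a Latin 'e' for Cyrillic U+0435, as in the incident.
LEGIT = "changenow.example"
SPOOF = "chang\u0435now.example"

# Small illustrative Cyrillic-to-Latin lookalike map (assumption: not a complete
# confusables table; Unicode UTS #39 publishes the full data).
LOOKALIKES = str.maketrans(
    "\u0430\u0441\u0435\u0456\u043e\u0440\u0445\u0443\u0455", "aceiopxys"
)

def scripts(label):
    """Coarse script set: first word of each letter's Unicode name (LATIN, CYRILLIC...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def to_ascii(domain):
    """Per-label 'xn--' + Punycode form, i.e. the name that is looked up in DNS."""
    labels = []
    for label in domain.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def check(domain, protected=(LEGIT,)):
    """Return a list of findings for one domain; an empty list means nothing flagged."""
    findings = []
    domain = domain.lower()
    for label in domain.split("."):
        found = scripts(label)
        if len(found) > 1:  # one label drawing letters from several alphabets
            findings.append(f"mixed scripts in '{to_ascii(label)}': {sorted(found)}")
    # Fold known lookalikes to Latin and compare with the domains being protected.
    skeleton = domain.translate(LOOKALIKES)
    if skeleton != domain and skeleton in protected:
        findings.append(f"lookalike of {skeleton}")
    return findings

if __name__ == "__main__":
    for d in (LEGIT, SPOOF):
        print(to_ascii(d), check(d))
```

The mixed-script test alone misses names written entirely in one non-Latin script, which is why the folded comparison against a protected list is included.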