The incident marks another security concern for the French crypto company, which has faced multiple data exposure events since 2020.
How the Breach Happened
Global-e, a cross-border e-commerce platform that handles international transactions and payment processing for major brands worldwide, detected unusual activity in its cloud systems. The company immediately implemented containment measures and hired independent forensic experts to investigate the unauthorized access.
The breach came to public attention when blockchain investigator ZachXBT shared customer notification emails on social media. Affected Ledger customers received direct communications from Global-e explaining the incident.
According to Ledger’s statement, the unauthorized party gained access to order data stored in Global-e’s information systems. Only customers who made purchases on Ledger.com using Global-e as the merchant of record were potentially impacted.
What Information Was Exposed
The compromised data includes customer names and contact information. However, the exact types of contact details—whether email addresses, phone numbers, or physical addresses—have not been fully specified by either company.
Importantly, several critical types of information were not compromised. Payment details such as credit card numbers and bank account information remained secure. The breach did not affect wallet recovery phrases, private keys, blockchain balances, or any cryptocurrency holdings.
Ledger emphasized that its own hardware, software, and platform systems were not breached. Because Ledger is a self-custodial wallet provider, Global-e never had access to users’ 24-word seed phrases or digital assets. No customer funds are at risk from this incident.
The company has not disclosed the total number of affected customers. Global-e confirmed that Ledger was not the only brand impacted by the breach, stating that the attacker accessed order data from multiple retailers.
Why This Matters for Crypto Users
While no cryptocurrency was stolen, the exposure of customer contact information creates significant security risks. Attackers can use this data to launch targeted phishing campaigns against known cryptocurrency holders.
According to crypto security firm ScamSniffer, phishing attacks stole $83.85 million in 2025. Ledger customers are particularly attractive targets because attackers know they own crypto hardware wallets.
The leaked information could enable sophisticated social engineering attacks. Scammers might send emails or texts referencing actual purchases or order details to appear legitimate. Some attacks could escalate to phone calls from fake “support representatives” attempting to trick users into revealing their recovery phrases.
In extreme cases, data breaches exposing crypto holder addresses have led to “wrench attacks”—physical threats and extortion attempts. Following Ledger’s 2020 breach, some customers reported receiving threats demanding ransom payments.
Ledger’s Troubled Security History
This incident is far from Ledger’s first data exposure problem. In 2020, the company suffered a major breach through its e-commerce partner Shopify. That incident initially exposed approximately 1 million email addresses and detailed information for about 10,000 customers.
The full scope of the 2020 breach wasn’t revealed until December of that year, when Ledger discovered that 272,000 customers had their names, postal addresses, and phone numbers stolen. An additional 20,000 customer records were later found to be compromised through rogue Shopify employees.
The stolen data was dumped on hacking forums and eventually shared publicly. This led to years of persistent phishing campaigns targeting Ledger users. A class-action lawsuit was filed against both Ledger and Shopify over inadequate data protections.
In December 2023, attackers compromised Ledger’s Connect Kit JavaScript library in a supply chain attack, draining nearly $500,000 from users interacting with affected decentralized applications during a brief window.
More recently, in April 2025, Ledger users received professionally designed fraudulent mail instructing them to scan QR codes and enter their recovery phrases—a scam that the company confirmed was linked to previously stolen customer data.
What Users Should Do
Ledger and security experts are urging affected customers to exercise extreme caution. Users should be highly suspicious of any unexpected emails, text messages, or phone calls claiming to be from Ledger or Global-e.
The most important rule: never share your 24-word recovery phrase with anyone under any circumstances. Neither Ledger nor Global-e will ever request this information. Any communication asking for seed phrases is definitely a scam.
Customers should verify all communications by contacting Ledger or Global-e directly through official channels rather than responding to unsolicited messages. Be wary of clicking links in emails, even if they appear legitimate.
Ledger recommends using Clear Signing transactions where possible and employing Transaction Check when submitting blockchain transactions. These features help verify transaction details before approval.
Following the disclosure, ZachXBT suggested that users consider providing minimal personal information when purchasing hardware wallets to limit exposure in future breaches. Some security-conscious buyers use alternative shipping addresses or limited contact details.
The Bigger Picture
Global-e handles checkout, order processing, and compliance services for numerous major brands including Disney, Netflix, Adidas, and others. The fact that multiple brands were affected suggests the breach stemmed from Global-e’s infrastructure rather than any issue specific to Ledger.
The incident occurred alongside other recent crypto security problems. Trust Wallet’s Chrome extension was compromised in December 2025, leading to approximately $7 million in losses. MetaMask users have also been targeted by phishing scams mimicking two-factor authentication verification.
These repeated incidents demonstrate that supply chain vulnerabilities remain one of the weakest links in crypto security. Attackers increasingly target third-party vendors who have access to user data rather than attempting to breach core wallet systems directly.
For affected users, the main threat is now social engineering rather than direct theft of cryptocurrency. Vigilance against phishing attempts will be crucial in the coming months, as attackers will likely attempt to exploit the leaked contact information.
Staying Secure in an Insecure World
The Ledger-Global-e breach serves as a reminder that even security-focused companies face risks from their third-party partnerships. While no crypto funds were compromised, the exposure of customer contact information creates lasting vulnerability to social engineering attacks.
Users should remain skeptical of all unsolicited communications and remember that legitimate companies will never request recovery phrases or private keys. As the crypto industry continues growing, both companies and users must maintain constant awareness of evolving security threats.
Source: https://bravenewcoin.com/insights/ledger-hardware-wallet-users-hit-by-third-party-data-breach
