Hardware wallet manufacturer Ledger has suffered another data breach, this time through its third-party payment processor Global-e, according to disclosures shared by on-chain investigator ZachXBT.
The incident resulted in the exposure of some customers’ personal information, including names and contact details. The breach does not involve private keys, wallet firmware, or on-chain assets, but it adds to a growing list of security concerns tied to Ledger’s external service providers.
What Happened
According to the information shared publicly, Global-e identified unusual activity within a portion of its network.
Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information).
Earlier today customers received the email below. pic.twitter.com/RKVbv6BTGO
— ZachXBT (@zachxbt) January 5, 2026
After detecting the issue, the company moved to contain the incident and secure affected systems. Independent forensic experts were brought in to investigate the scope and cause of the breach.
Customers began receiving notification emails explaining that certain personal data, specifically names and contact information, had been improperly accessed. The message emphasized that the activity was limited in scope and that remediation steps were taken immediately after detection.
How the Breach Occurred
The breach did not originate from Ledger’s core infrastructure. Instead, it occurred through Global-e, which handles payment processing and customer checkout services. This distinction is critical: while sensitive cryptographic material remains unaffected, customer data stored or processed by third-party vendors remains a recurring vulnerability point.
This mirrors earlier incidents in the hardware wallet industry, where external partners, rather than wallet software or hardware, became the weakest link in the security chain.
Why It Matters
Even without access to wallets or funds, leaked personal data can pose serious risks. Exposed names and contact details can be used for targeted phishing campaigns, social engineering attacks, and impersonation attempts, threats that are especially dangerous in the crypto space.
Security researchers have repeatedly warned that attackers often combine leaked customer data with fake support messages or malicious wallet update prompts to trick users into revealing recovery phrases.
What Users Should Do
Customers affected by the breach are advised to remain vigilant:
- Be cautious of unsolicited emails, calls, or messages claiming to be from Ledger or related services
- Avoid clicking links or downloading files from unexpected communications
- Never share recovery phrases or private keys, regardless of how legitimate a request appears
Ledger users should rely only on official channels and verified domains for updates or support.
Ongoing Investigation
Global-e has stated that the incident has been contained and that the investigation is ongoing. At the time of disclosure, no evidence suggested broader system compromise beyond the exposed personal data.
While the breach does not threaten wallet security directly, it reinforces an uncomfortable reality for crypto users: even when self-custody tools are secure, off-chain data held by third parties can still introduce meaningful risk.
