On January 5, 2026, Ledger announced that their payment processor Global-e suffered a data breach, affecting Ledger users. Ledger has confirmed that users’ personal details may have been released, including names and contact information, though the number of affected users is still unknown. Ledger emphasized that their users’ wallet balances, private keys, and recovery phrases were not compromised in the attack.
Ledger users need to be aware that they may be targeted by phishing emails, vishing calls, and smishing text messages by criminals who have obtained their data. It is best not to initiate any contact and know that Ledger will not contact them to ask for any information or take a specific action, such as download software or click on a link. Past data breaches of Ledger users’ information were followed up by criminals contacting users to obtain sensitive information such as their recovery phrase or to convince users to download malicious software that appeared to be Ledger Live.
Global-e, in an email, stated that it detected unusual activity and took swift action, “We retained independent forensic experts to conduct an investigation into the incident, and we were able to determine that some personal data including name and contact information were improperly accessed.”
In 2020, Ledger was affected by a data breach that exposed the personal information of over 270,000 customers through Ledger’s e-commerce partner Shopify. In 2023, hackers stole almost $500,000 due to an exploit involving Ledger’s Connect Kit software library. Hackers injected malicious code into Ledger Connect Kit, which affected anyone who interacted with a dApp that had integrated the compromised code, even if they used a physical Ledger hardware wallet. The code acted as a “wallet drainer” tricking users into unknowingly signing transactions that transferred their funds to the attacker’s wallet. Ledger took quick action and was able to deploy a fix within 40 minutes of discovering the malicious file, though the malicious file was live for around 5 hours total.
With repeated supply-chain exploits and data breaches affecting Ledger users, there are concerns that data from multiple breaches may be used to continue to target Ledger users in spear-phishing attacks. Unlike most phishing attacks, spear-phishing attacks are highly targeted and customized to the victims.
Ledger told CoinDesk via email that “We remain united with the industry at war against hackers and bad actors who are tirelessly trying to steal users’ information in the ecosystem and e-commerce space at large.”
At CNC Intelligence, we routinely investigate cryptocurrency-related fraud and have received reports of Ledger users being targeted long after prior data breaches, so users should be cautious, no matter how much time has passed.
It is important for everyone, especially Ledger users, to remember these safety tips:
- Do not respond to unsolicited emails, calls, or text messages
- Do not click links or download files from unsolicited messages
- Never share your recovery phrase or approve transactions under pressure
- Do not send crypto or funds to anyone who contacts you first
- Independently verify any company contact using official websites or verified social profiles, never click links provided in the emails or text messages
For a detailed breakdown of Ledger’s security model, past incidents, and what this means for users today, read our in-depth review: Is Ledger Still Safe in 2026?
Written by Matthew Stern
Lead Investigator and CEO of CNC Intelligence