Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…
Ledger, a hardware wallet manufacturer, which has historically been known by the reputation of keeping crypto assets offline, has suffered another data exposure incident and has brought back old worries regarding the privacy of customers and third-party risk in the industry.
On January 5, 2026, blockchain researcher ZachXBT revealed that the personal information of Ledger customers was accessed in a hack on Global-e, a payment processor that the company uses.
Ledger Breach Raises Phishing Concerns Despite No Wallet Impact
ZachXBT reported that victimized customers were sent an email informing them that Global-e had noticed suspicious activity in some part of its cloud environment.
The payment company claimed that it was fast enough to lock down and take control of its systems after it detected the problem and contracted external forensic investigators.
No indication was given that there was an exposure of payment card details, passwords, recovery phrases, and wallet private keys.
Ledger stated in the email that the intrusion was at the level of a third-party partner and not in the fundamental security of its hardware wallets.
While funds remain safe, security researchers and community members warned that the exposure significantly increases the risk of targeted phishing and social engineering attacks, particularly given Ledger’s history.
This latest incident comes at a sensitive time for crypto security. It follows days after Trust Wallet users suffered unauthorized fund outflows linked to a compromised browser extension and days after attackers targeted MetaMask users in coordinated wallet-draining attempts.
Although unrelated technically, the clustering of incidents has heightened user anxiety across the ecosystem.
Ledger’s name carries particular weight in data breach discussions due to the severe fallout from its 2020 e-commerce and marketing database leak.
That breach exposed roughly 1.1 million email addresses and detailed personal information, including home addresses and phone numbers, for about 292,000 customers.
The data was later dumped publicly, leading to years of persistent phishing campaigns, extortion attempts, and even reports of physical threats against known crypto holders.
Repeated Data Leaks Expose Long-Term Risks for Ledger Users
The company has also faced other security challenges, as in December 2023, attackers compromised Ledger’s Connect Kit JavaScript library through a supply-chain exploit, draining nearly $500,000 from users who interacted with affected decentralized applications during a short window.
Security experts note that while the hardware wallets themselves remain uncompromised, repeated leaks of customer data create long-term risks that extend beyond immediate financial loss.
Exposed personal information is often reused in highly convincing phishing campaigns, including fake emails, messages, and even physical letters.
In April 2025, Ledger users received professionally designed mail telling them to scan QR codes and input their 24-word recovery phrases, which was a scam that the company confirmed to be fake.
Some community members traced those efforts back to data obtained during earlier breaches, showing how long such incidents can echo.
The Ledger hack also confirms a larger pattern in the industry, as in December 2025, crypto tax software maker Koinly alerted users that their email addresses and basic profile information might have been leaked in a hack on analytics firm Mixpanel.
Supply chain vulnerabilities are mentioned by investigators and regulators as one of the least secure links in crypto security, as attackers focus on vendors who have access to user data, not core systems.
The attackers are dynamic and evolving in spite of the reported reduction of phishing-related losses by 83% in 2025.
Security companies have noted that the number of losses peaks during times of high activity in the market, and low-activity markets have lower incidences.
