Ledger, the prominent provider of crypto hardware wallets, has reported a security breach involving its third-party payment processor, Global-e. This incident has led to the exposure of customer names and contact details. Although the exact number of affected customers remains undisclosed, it’s important to clarify that this breach did not involve direct theft of cryptocurrencies. Rather, the leaked information raises concerns about potential future attacks targeting Ledger customers.
Ledger’s hardware wallets secure cryptocurrencies by keeping the private keys for transaction signing separate from internet-connected devices. This offline approach safeguards users’ holdings, even if their computers or smartphones are compromised by online threats.
The situation is particularly ironic given that Ledger specializes in delivering high levels of technical security to its users, leaving both enthusiasts and skeptics of cryptocurrency questioning how such a breach could occur.
Community alert: Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information).
Earlier today customers received the email below. pic.twitter.com/RKVbv6BTGO
— ZachXBT (@zachxbt) January 5, 2026
Global-e, responsible for processing orders from Ledger’s online store, identified the breach, isolated affected systems, and initiated notifications to impacted customers. Communication regarding the breach began to reach those affected around January 5, as reported by blockchain analyst ZachXBT.
Ledger has assured its customers that its own systems have not been compromised and that Global-e did not have access to sensitive data such as the 24-word recovery phrases crucial for cryptocurrency access. The company has advised users to enable Clear Signing, which provides detailed visibility into outgoing transactions, and to remain vigilant against phishing attempts that could exploit the leaked information.
This incident is a stark reminder, occurring almost six years after a significant breach in 2020 that affected over 270,000 customer records, including sensitive personal information. That breach was linked to a marketing database hack and has been associated with sustained phishing campaigns targeting Ledger users.
Recent studies indicate a significant increase in cryptocurrency thefts, with estimates reaching $3.4 billion for the year 2025 alone. Moreover, physical attacks on cryptocurrency holders have nearly doubled, highlighting a troubling trend of coercive tactics where criminals threaten violence to gain access to digital assets. Such risks have led to severe implications for operational security among crypto users, requiring businesses to not only enhance their digital defenses but also prepare for potential physical threats.
The information obtained from breaches like these is often traded on dark web marketplaces, offering criminals actionable insights for targeting individuals likely to possess valuable crypto assets. This reality underscores the necessity for users and service providers to adopt a comprehensive approach to security, considering the implications of irreversible transactions against the backdrop of lax personal data management. As digital currency becomes more prevalent, users will need to take on greater responsibility for the security of their assets.
Given the nature of this breach, potential MITRE ATT&CK tactics involved may include initial access through phishing or exploitation of vulnerabilities within the Global-e system. Furthermore, tactics related to credential access and data exfiltration may have played a role. Businesses must recognize that while hardware wallets are paramount in countering online threats, they offer limited protection against in-person coercion tactics, especially in a landscape where physical assaults related to cryptocurrency theft are increasing.
