Targeted Phishing Campaign Hits Ledger Users Following Global-e Breach
A new phishing campaign is currently targeting users of Ledger, the leading hardware wallet provider, following a significant data breach at Global-e, a third-party e-commerce company associated with Ledger. The attack appears to have exploited sensitive order data that was leaked, allowing cybercriminals to send highly personalized scam emails aimed at duping unsuspecting Ledger customers. These fraudulent communications falsely claim that Ledger is merging with Trezor, a competing cryptocurrency wallet manufacturer, and encourage recipients to take urgent action concerning their assets.
Ledger disclosed the breach earlier this week, reporting that personal information from Global-e’s database, including names, email addresses, phone numbers, and order details, had been compromised. The timing of the breach provided a compelling basis for the scammers to create realistic-looking phishing emails, tailored to their targets with specific purchase information. This technique significantly elevates the credibility of the scams, making them more difficult for users to identify as fraudulent.
The scam emails prompt recipients to “secure” their digital assets in light of the purported merger, guiding them to malicious links that lead to counterfeit websites mimicking Ledger’s official branding. These fake sites request the entry of 24-word recovery phrases, which, when submitted, grant attackers complete control over the users’ wallets. The reliance on authentic customer data not only amplifies the effectiveness of these phishing attempts but also points to broader implications for the data security measures of third-party service providers.
Global-e has initiated an internal investigation and is collaborating with cybersecurity firms to evaluate the scope of the breach. They reported that no financial data was exposed and emphasized that the incident was confined to customer contact and order information. However, the number of affected users remains undisclosed, raising concerns over the scale of the impact.
In response to the situation, Ledger has engaged with data protection authorities and is cooperating with law enforcement agencies to mitigate the effects of this attack. The company has reiterated its policy of never requesting recovery phrases or private keys from users, a reminder that is crucial to educating users about safeguarding their information against such scams.
While Ledger has faced several security challenges in recent years, this incident occurs against the backdrop of declining overall phishing losses in the cryptocurrency sector. Despite the unsettling nature of high-profile breaches, reports indicate that crypto-related phishing scams resulted in approximately $83.85 million in losses for 2025, a sharp decline of 83% compared to previous years. Nevertheless, fluctuations in the market often correlate with increased phishing activity; the largest single attack recorded in September alone accounted for losses of $6.5 million, highlighting the persistence of the threat.
This incident serves as a stark reminder for business owners and tech-savvy professionals about the evolving nature of cybersecurity threats. It underscores the importance of vigilance in recognizing potential scams, particularly those exploiting recent breaches for nefarious purposes. The techniques employed in these phishing attacks appear to align with entries in the MITRE ATT&CK framework, particularly tactics such as initial access through credential theft and social engineering, and persistence through phishing.
As the cybersecurity environment continuously shifts, it remains crucial for individuals and businesses to stay aware of the potential risks and to adopt robust security practices to safeguard sensitive information from cyber threats. Continued education and vigilance are necessary to counteract the methods employed by attackers, especially as they adapt to new vulnerabilities.