Ledger Hit With Security Incident After Global-e Order Data Exposure

5 January 2026 - 18:00 CET
Hackers

Crypto hardware wallet provider Ledger has warned customers that personal information linked to purchases on Ledger.com may have been compromised following a security incident at Global-e, a third-party merchant-of-record used for cross-border orders.

 

In a statement to Sandmark, Ledger confirmed the incident was confined to Global-e’s systems and did not impact the security of any Ledger hardware, firmware, or the Ledger Live platform.

The breach details

"Ledger was made aware of an incident at Global-e... consisting of unauthorized access to order data," the company stated. "Some of the data accessed pertained to customers who purchased Ledger.com using Global-e as a Merchant of Record."

Ledger emphasized that because its devices are self-custodial, the third-party partner never possessed critical secrets. "Global-e does not have access to your 24-word seed phrase, blockchain balance, or any secrets related to your digital assets. Importantly, no payment information was involved."

The threat: Targeted phishing

While the devices remain secure, the leaked data, likely including names, emails, and phone numbers, creates an immediate vector for high-fidelity phishing.

This exposure aligns with the "unidentified drainer" activity flagged earlier today by security researchers. Fraudsters often use valid order data to craft convincing emails (e.g., "fake shipping updates" or "security alerts") that direct users to malicious sites. Once there, victims are tricked into signing transactions that drain their wallets.

Timeline of exposure

 The incident adds to a history of third-party data struggles for the hardware manufacturer:

  • July 2020: Marketing database breach exposed 1mn email addresses.
  • Dec 2020: Data from the July breach leaked publicly, fueling a wave of SIM-swapping and extortion.
  • Jan 2021: Shopify insider incident exposed additional customer data.
  • Dec 2023: Supply-chain attack on Ledger’s "Connect Kit" library.
  • Jan 2026: Global-e order data breach.

Security posture

Security analysts emphasize that there is no evidence of a firmware-level compromise. The attack vector is purely social engineering. Ledger reminded users that it will never ask for a 24-word recovery phrase and advised customers to rely on "Clear Signing" verification tools on the device itself to validate transaction details.